Security for your passwords and privacy for you

Proton Pass protects your passwords with the same proven end-to-end encryption technology that secures over 100 million Proton accounts, and has been battle-tested for a decade with Proton Mail.

End-to-end encryption

We built Proton Pass on the same security foundation that supports all Proton services.

With end-to-end encryption, your data is never accessible to us and only you can decrypt it using your secret password.

Not only are your usernames and passwords encrypted, but all metadata is also secure - not even Proton can access this data.

Open-source code

As scientists, we know that transparency and peer review lead to better security. All Proton Pass apps are open source(new window) and can be independently reviewed by anyone. Our security claims are not mere claims, but facts that can be independently verified by all.

Independently audited

Like all Proton services, Proton Pass has been audited by independent third-party experts, and such security reports are available to the public. Proton Pass security is also enhanced by a public bug bounty program, that invites and rewards security researchers who can identify security improvements in our apps.

Advanced security and privacy features

<h3>256-bit AES-GCM vault encryption</h3>

256-bit AES-GCM vault encryption

Passwords and other items stored in Proton Pass are kept in encrypted vaults. When you create a vault, Proton Pass generates a 32-byte random vault key that cannot be brute-forced.

Your data is encrypted with 256-bit AES-GCM which is quantum-resistant (cannot be broken by quantum computers). Nobody (not even Proton) can read or create new vault keys.

<h3>OpenPGP with ECC</h3>

OpenPGP with ECC

In order to protect your vault key and facilitate the sharing functionality (in case you want to share a login with a trusted third party), Proton Pass uses the OpenPGP encryption standard with elliptic curve cryptography (ECC Curve25519).

OpenPGP is open source, has been audited and battle-tested for nearly 30 years, and has no known vulnerabilities. Proton’s OpenPGP implementation is also modular, to allow easy upgrading to post-quantum encryption algorithms in the future.

<h3>Alternative routing</h3>

Alternative routing

Proton helps people who live under governments that are hostile to privacy. Alternative routing is an advanced anti-censorship feature that allows you to access your password manager even if your government or internet service provider tries to block access.

This means that Proton Pass can work even if you travel to countries with strict internet censorship.

<h3>Tor onion site</h3>

Tor onion site

For extra privacy, you can access our onion site while connected via the Tor Browser or Proton VPN’s Tor over VPN feature.

Passwords are only part
of the equation

Proton Pass is more than a password manager, it’s also an identity manager that helps to protect your privacy.

Create a unique email alias for each website

Your email address is your identity. Proton Pass helps you protect your email address by generating unique email aliases for each of your online accounts.

By using hide-my-email aliases, in the event that any of the services where you have an account is hacked, malicious actors cannot discover your real email address.

Furthermore, if your email alias is sold or leaked by a third party, you can easily disable it to stop spam.

Metadata encryption

Passwords are not the only sensitive data a password manager contains.

Metadata, such as the websites you have accounts with, is also extremely sensitive as it may reveal your email, browsing history, political views, and other information you want to keep private.

Proton Pass doesn’t just encrypt the password field but applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in your encrypted notes.

This data is never available to Proton and consequently also cannot be extracted by third parties.

Swiss privacy

As a company based in Switzerland, Proton is protected by some of the world’s strongest privacy laws and outside US and EU jurisdiction.

We are prohibited from sharing the little user data we have with any foreign authorities, and under no circumstances, are we able to decrypt the data you save in Proton Pass.