ProtonBlog

Proton Pass is now in beta

Udostępnij tę stronę

Today, we’re happy to announce another significant milestone in the growth of the Proton ecosystem with the launch of the Proton Pass beta for Lifetime and Visionary users. Invites will roll out over the next week, and you’ll receive an email from us at your Proton Mail email address when you’re eligible.

A password manager has been one of the most common requests from the Proton community ever since we first launched Proton Mail. However, while Proton Pass uses end-to-end encryption to protect your login credentials, it will be much more than a standard-issue password manager. This will become clear over the next weeks and months as we prepare Proton Pass for a public launch later this year.

Learn what a password manager is and why you need one

In 2022, Proton joined forces with SimpleLogin to bring millions of Proton users advanced hide-my-email aliases. Making logins more secure, more private, and easier was a core part of the original vision of SimpleLogin. In fact, Son Nguyen Kim, the founder of SimpleLogin, picked the name SimpleLogin for precisely this reason.

The merger united two organizations with a shared interest in tackling this problem. That’s why the SimpleLogin team, joined by a few engineers from Proton, spearheaded work on Proton Pass.

We’re launching Proton Pass now for two primary reasons. First, joining with SimpleLogin increased our ability to develop a new password manager without impacting efforts on other Proton services. Second, passwords are such sensitive information that an insecure password manager is a risk to the Proton community. 

If an attacker obtains your password (be it through a data breach or hacking your password manager), they can essentially bypass all of Proton Mail’s advanced encryption. Protecting your passwords properly requires a high level of competence with encryption and security, which few organizations have. We’ve always been worried about the risk posed by a major password manager breach, which unfortunately became a reality with the recent hack of LastPass(new window).

Raising the bar on security

Proton Pass is not just another password manager. It’s perhaps the first one built by a dedicated encryption and privacy company, leading to tangible differences in security. For example, while many other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more).

This is important because seemingly innocuous bits of information (such as saved URLs, which many other password managers don’t encrypt) can be used to create a highly detailed profile on you. For example, if an attacker can see that you have passwords saved for an account with Grindr, gop.com, or even a manga fan site, they’ll know a lot about you as a person, even if they can’t actually access your accounts. 

Cryptographic details matter, and Proton Pass uses a strong bcrypt password hashing implementation (weak PBKDF2 implementations have made other password managers vulnerable) and a hardened implementation of Secure Remote Password (SRP) for authentication. Proton Pass is also a password manager that includes a fully integrated two-factor authenticator (2FA) and supports 2FA autofill. This is meant to make it easier to use 2FA everywhere since it’s one of the most effective safeguards for your online accounts.

Read the Proton Pass security model

Like every other Proton service, Proton Pass will be open source and publicly auditable upon launch, so anyone can independently verify our security features and their implementation.

What’s next?

After fielding thousands of requests over the years, we’re glad to deliver a password manager to the Proton community. The Proton Pass beta is available on iPhone/iPad, Android, and desktop (browser extensions are available for Brave, Chrome, and Firefox)

With some of the features we have planned, we think that Proton Pass will be a milestone for password managers in general and redefine the role password managers play in our online lives. We look forward to receiving your feedback in the coming days and weeks and getting Proton Pass out to everybody as soon as possible. Over time, we will add more details to the new Proton Pass website: proton.me/pass.

If you have feedback, you can email us directly at pass@proton.me or let us know on Twitter @ProtonPrivacy(new window) or Reddit at reddit.com/r/ProtonPass(new window).

Update April 28, 2023: Added that the Proton Pass browser extension for Firefox is now available.

Chroń swoją prywatność z kontem Proton
Utwórz bezpłatne konto

Udostępnij tę stronę

Andy Yen

Andy is the founder and CEO of Proton. He is a long-time advocate for privacy rights and has spoken at TED, Web Summit, and the United Nations about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in particle physics from Harvard University.

Powiązane artykuły

en
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
en
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
en
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe
en
Last week, the UK government made a statement in the House of Lords acknowledging that portions of the controversial Online Safety Bill might not even be technically enforceable without breaking end-to-end encryption. This rightly received a lot of a
What is email spoofing?
en
Email spoofing is a technique attackers use to make a message appear to be from a legitimate sender — a common trick in phishing and spam emails. Learn how spoofing works, how to identify spoofed messages, and how to protect yourself from spoofing a
en
Google Chrome is the world’s most popular web browser by far, with over 3 billion users. Its built-in password manager, Google Password Manager, is its default software to create and store passwords for websites and services. Although convenient for