How to use Pass Monitor

Pass Monitor is a security feature in Proton Pass that scans the dark web for credential leaks, checks on the health of your passwords, and reminds you to switch on two-factor authentication (2FA) for accounts that offer it. This article will show you how to get the most out of Pass Monitor.

The Pass Monitor interface

Pass Monitor can be accessed through any Proton app*; for our instructions we will use the Pass web app. There, you open Pass Monitor by going to the bottom part of the left-side menu panel and clicking on Pass Monitor.

*Note: Pass Monitor will have a gradual release on mobile devices and will be available to all users by May 10, 2024. 

This window has three sections:

• Dark Web Monitoring: If you have a paid plan, this feature shows whether your data has been part of a data breach.
• Password Health: Here we alert you of any weak passwords, reused passwords, or inactive 2FA. This feature is available to everyone.
• Account protection: This section lets you enable the Proton Sentinel high-security program on paid plans, which detects and blocks account takeover attacks using AI and human security analysts.

Dark Web Monitoring

Clicking on Dark Web Monitoring takes you to all the email addresses associated with your Proton account — including any hide-my-email aliases you may have created, and up to 10 custom email addresses you can authorize to monitor.  If these addresses have been exposed in a data breach from a third-party service, you’ll see an alert in the Status column. The alert will also suggest actions you can take to secure your account and mitigate risks. 

At the bottom of the list you’ll also find some suggested custom email addresses you may want to monitor. You can add up to 10 verified custom email addresses, these are non-Proton addresses and hence will be shared with third party providers if you enable them for monitoring. Click on add to add them to the list and start monitoring them.

Password Health

Under Password Health you can find four types of alerts.

• Weak passwords: those that do not meet secure standards due to length or complexity
• Reused passwords: which, if leaked, could give attackers access to more than one account 
• Inactive 2FA: any accounts where you have not enabled 2FA to minimize the risk of unauthorized access
• Excluded items: In order to not clutter your view, items you have opted to ignore alerts on will be present here
  

In each case you can click on the section and get an overview of all the accounts and logins that fall into that category.

Excluding an item from monitoring

To exclude an item from monitoring — perhaps because the service in question doesn’t allow special characters in the password — you can click on the three vertical dots at the top of the entry, and there select exclude from monitoring. This will place the item in the excluded items category, where you can revisit it later.

Account protection

Finally, if you have a paid plan, you can also make use of advanced account protection through our Proton Sentinel program. The toggle switches it on or off. 

Learn more about Proton Sentinel