Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.manager.
Proton has been offering various privacy-focused products and services for some time, including the end-to-end encrypted Proton Mail email service, the Proton VPN service, and the Proton Drive cloud storage service.
Proton Pass is the latest addition to the company’s data and privacy-protection product portfolio, giving users a secure, end-to-end encrypted vault to store their passwords and notes.
“We’re happy to announce the global launch of Proton Pass, available now as a browser extension on most major browsers (Chrome, Firefox, Edge, Brave, and more) and iPhone/iPad and Android.” reads the Proton Pass launch announcement.
What makes Proton Pass stand out
Apart from the password generation functionality, a standard feature on all modern password managers, Proton Pass will also enable users to create a “hide-my-email alias.”
This randomly generated email address acts as a relay point between the online service and your actual email account, preventing service providers from identifying or tracking you.
This email forwarding system was first introduced in Proton Mail in January 2022, filtering out marketing trackers and other hidden tags before the message reaches your primary inbox.
These email aliases also limit the repercussions of data breaches, as the email address exposed in these cases will be unique to your account at a website, making them useless to hackers to use in credential stuffing attacks.
Credential stuffing attacks are when threat actors use credentials leaked in data breaches to try and log into other sites owned by the exposed user.
Another element that differentiates Proton Pass from other free password managers, according to its creator, is the use of strong bcrypt password hashing (instead of problematic PBKDF2 implementations) and a hardened implementation of Secure Remote Password (SRP) for authentication.
Moreover, contrary to other password managers that only encrypt the password field, Proton Pass encrypts everything, including the username, web address, and any other data the user saves on each item.
The vendor’s assurances on the robust security architecture will soon be verified by independent auditors at Cure53, who are currently examining the software’s code for weaknesses.
Lastly, Proton emphasizes its “privacy-friendly” Swiss jurisdiction as an advantage over other products, implying that Swiss law enforcement authorities will only request user data reviews from the company in verified instances of illegal activity.
Some limitations
The free version of Proton Pass gives users unlimited logins and encrypted notes but only provides ten hide-my-email aliases and only 2FA autofill for 3 logins.
For unlimited 2FA and private email addresses, users must pay for Proton Pass Plus, which costs $1/month (annual charge) until the end of July 2023. After that date, the product will have a regular price of $3.99.
Subscribers to Proton Unlimited, Business, Visionary, or Family plans, will get the premium version of Proton Pass without an additional charge.
For now, the password manager is available to download as an app for the Android and iOS platforms and the Chrome, Firefox, Edge, and Brave web browsers as an extension.
The Proton team has promised to release desktop versions of Proton Pass for Windows and macOS, but these are unavailable at this time.
Those interested in seeing Proton Pass’ source code may view it from the project’s GitHub repository.