It’s remarkable how quickly Proton Pass has evolved. The app is a little over two years old, and Proton has quickly moved to transform Pass from a bare-bones browser extension into one of the best password managers on the market. Major updates seem to show up every month or two. Even as I write this review, Proton launched an emergency access feature less than two weeks ago.
Proton didn’t catapult to the top of the password manager stack solely because of new features. It has a clear, consistent commitment to updates, combined with the best free password manager plan I’ve seen and a robust system of apps you can get for a single price. Proton Pass can stand on its own, but it stands even taller as part of Proton’s extensive suite.
Perhaps the greatest asset Proton Pass has is Proton itself. It’s a company with a long history when it comes to security and privacy, and those same principles are at play with Pass, from end-to-end encryption to open source applications.
What Can You Store in Proton Pass?
Proton Pass via Jacob Roach
Proton Pass gives you a lot of flexibility in what you store in your vault, due in no small part to the fact that Proton gives you a ton of storage space. Every entry supports text fields, two-factor authentication codes, notes, and attachments. You get 10 GB of storage with a paid plan, but Proton shares your storage space across your Proton account. With the Unlimited plan, you have 500 GB of storage.
Broadly, there are five categories of entries: logins (including passkeys), aliases, credit cards, notes, and identities. Proton has several other starting points to choose from, including everything from medical records to API credentials, or you can start from scratch and add fields as you see fit.
Regardless of whether you choose one of Proton’s starting points or start an entry from scratch, everything that falls outside of those five main categories is considered a “custom item,” which can make organization a little tricky. I resorted to using vaults as my main method of organization. Proton caps the number of vaults you can create at 50, but I can’t imagine a situation where you’d need more than that. Unfortunately, free users have access to just two vaults. With unlimited logins and cross-device sync, there had to be a catch somewhere on the free plan.
You can rename your vaults, but you can also assign them one of a few dozen icons, as well as choose from a handful of color presets. It’s a small addition, but a little color-coding goes a long way in finding what you need at a glance.
Beyond logins, you can also generate and store email aliases, similar to NordPass. It’s a standard feature, even if you don’t subscribe. Free users are capped at 10 aliases, while paying users can create as many as they want.
It’s not just a fake email tied to a real one. You can set up aliases like that, but Proton allows you to forward emails to multiple addresses, create catch-all addresses, and even reply directly from the web app. I appreciate the activity log most, though. Proton automatically creates contacts for everyone who interacts with your alias, and you can block spammy addresses without ever opening your email client.
No Desktop App
Proton Pass via Jacob Roach
Proton Pass was originally available only as a browser extension, but it now has apps for Windows, macOS, and even Linux, as long as you’re on a Fedora- or Debian-based distribution. I mainly used Pass in the browser, not only because it’s convenient but also because the extension is available on just about everything—Chromium-based browsers have access, and there are separate extensions for Firefox, Safari, and Brave.
The browser app has everything you need, and it works a treat when it comes to password capture and autofill. Proton occasionally asked me to save a password a second time after initially dismissing a capture notification. But outside of that small hiccup, I never encountered an issue with autofill for forms, logins, or credit cards.
Inside the app, you have a few features that aren’t available through the extension. The key feature is Pass Monitor, which is Proton’s security watchdog feature. It’ll show you weak passwords, accounts where you can enable 2FA, and critically, accounts that have been victims of a data breach. If you want to go further, you can turn on Proton Sentinel, as well.
Pass Monitor is great, but breach notifications have a problem. By default, Proton only monitors the email associated with your Proton account. If you’re importing passwords from another app, as I did, and you have different emails, those aren’t a part of the monitoring by default. And Proton doesn’t tell you that. You have to click into breach details and manually add addresses.
Proton Pass via Jacob Roach
Proton includes a short setup process when you first open the app, and dark-web monitoring should be part of it. You can easily overlook manually adding your email and miss breach notifications. The app didn’t show any breaches when I first started using it, but after manually adding a burner email for some logins in my account, I found it was involved in seven breaches. This really isn’t the type of feature that should be left to chance.
That’s my only issue with the desktop and web applications, thankfully. There are some useful upsides to these apps. You can unlock your account with a PIN instead of your account password, for example, which makes the 10-minute auto-lock less annoying to deal with. And Proton maintains a history of passwords it generates for two weeks, so you can look back in the event the capture fails and a new login isn’t saved to your account.
Password managers are always a little spotty on mobile if that’s not the primary place you create and store logins. Logins get associated with desktop URLs, and apps often redirect you elsewhere to log in. Proton Pass doesn’t solve that problem—it can’t—but it nails association. As I logged into apps with autofill, Pass silently associated whatever redirect I got on mobile to the proper login. It’s not seamless, and until mobile apps are designed more purposely around autofill, it never will be. But even after a week of using Proton Pass, I was no longer stumbling upon pesky login fields.
By default, your vault locks on mobile after two minutes, but you can adjust the lock time from immediately up to four hours. You don’t need to re-enter your password every time you need to unlock the app. It supports a custom PIN, along with biometrics on Android and Face ID on iOS.
My issue with the mobile app is that it only locks after the time you set. If you switch to another app and back to Proton Pass, your account stays unlocked. It even stays unlocked if you close the app completely and reopen it. The mobile app should lock immediately by default, or, at the very least, lock any time the app isn’t pulled to the foreground.
A Look at Proton Pass’ Security
Proton Pass via Jacob Roach
Any password manager worth its salt uses end-to-end encryption, and if there’s any company that knows a thing about end-to-end encryption, it’s Proton. The company has received thousands of court orders over the years and has been unable to hand over data, and it has won challenges to such orders in a Swiss court. Its email service, Proton Mail, has been blocked in Russia for years, and India recently started cracking down on its use, as emails can’t be decrypted or tracked. If Proton wants to store user data, lie about its encryption, and cooperate with the government, it’s doing a pretty terrible job.
Proton Pass uses the same end-to-end encryption as Proton Mail. That’s important in the context of password managers. It means that data is only ever encrypted or decrypted at rest. And to ensure a data breach wouldn’t expose your passwords, Proton has, miraculously, not suffered a major data breach yet.
Proton Pass uses an asymmetric user key. It’s a public-private key pair, and only you hold your private key. When you make a new vault, a vault key is generated that’s encrypted with your user key. Items within a vault are encrypted with a random item key, which is then encrypted with your vault key, all with 256-bit AES-GCM. In short, Proton stores your data, but it doesn’t have the means to decrypt that data, and that data can’t be intercepted and decrypted while it’s in transit.
This is a tried-and-true security model for a password manager. Proton Pass doesn’t go as far as 1Password with its unique Two Secret Key Derivation, but it’s still a secure, zero-knowledge model. Proton also has a stellar track record when it comes to user security and privacy, which is shocking considering how big a cybersecurity target is painted on its back.
At first glance, there’s one weak point in Proton’s security when it comes to Pass: it’s tied to your Proton account. You should be using a strong, unique password regardless, but a breach of one app could compromise others. Thankfully, Proton allows you to set an extra password specifically for Pass if you want.
You’ll need to enter your Proton account password first, then your Pass-specific password, to unlock your vault. It’s a hassle, but even in the unlikely event of a breach, and in the even more unlikely event that your Proton password is exposed, you’ll still have a layer of security. Thankfully, you don’t need to enter two passwords constantly. After authenticating, Proton Pass will automatically lock after a specified period of time (10 minutes by default). You’ll need to re-enter your password by default, but you can set up a PIN, as well.
GitHub via Lille Allen
On the plus side, Proton Pass is open source. Surprisingly few password managers open source their applications, but Proton is among them. Even with a secure foundation, application bugs can expose user data. Proton takes that seriously. Most major password managers have some sort of bug bounty program—as does Proton, offering up to $100,000 for critical flaws—but open source applications make finding those bugs much easier, and they allow security researchers to find bugs before they become a bigger issue.
Secure sharing is a standard feature in password managers, and the security model is fairly straightforward. Once again, a public-private key pair is at work when you share items or full vaults with Proton Pass. Unique to Pass, however, is Proton’s Key Transparency system.
As battle-tested as public-key cryptography is, it’s still susceptible to man-in-the-middle attacks if an attacker can spoof a public key. It’s a highly targeted attack that’s out of the question for most users, but Proton still has a system in place to get around a potential attack. The Key Transparency system stores address keys connected to Proton users before they’re hashed and anonymized, and stored on a private blockchain. It’s a directory of users, just identified by keys and ciphertext instead of names and email addresses. When sharing with Proton Pass, the public key is checked against this ledger to ensure it’s a legitimate user.
Proton Pass has grown up fast. It couldn’t hope to match other password managers two years ago, and now, in some areas, it exceeds even the old guard. It has also taken up the mantle left in the wake of disastrous breaches with LastPass, offering a free, bare-bones password manager with unlimited login storage and cross-device sync.
As a paid password manager, Proton Pass still holds up. Individual and family plans are competitive with 1Password and NordPass and are a touch cheaper than Dashlane. The real strength comes through Proton Unlimited. Between a VPN, encrypted email, 500 GB of storage, and one of the top password managers on the market, it’s hard to beat.
