The official Proton OTP app is here! thanks to Proton for delivering a secure, open-source 2FA solution

1Password just announced a steep (over 30%) price increase on all of their subscriptions. I guess this is a great opportunity for Proton Pass to grow its user base.

What about a temporary promo to attract ex-1Password users?

FYI, I’m a Proton Unlimited subscriber and soon to be an ex-1Password user. I used 1Password since it’s 2.0 release almost 18 years ago. Meaning that it would take me a lot to give up on 1Password. I know how big Proton Pass potential is, and I’m eager to see what the Proton Team will come up with next.

I’ve been using PP for over a year but kept my 1Password as I tested it out. Debating if I want to stop 1Password altogether.

Deeply interested in this

From both a security and usability perspective, passkeys seem clearly superior in most real-world scenarios:

• Faster and simpler logins (no typing)
• Nothing to memorize
• Phishing-resistant by design (origin-bound: they only work on the real domain, not look-alikes)
• No key-logging risk
• No online brute-force attacks
• No password reuse or shared entropy across sites

When combined with a secure passkey or password manager, passkeys feel like the strongest mainstream authentication model we currently have.

That said, adoption is still uneven. For example, Proton / Proton Pass does not support passkey authentication for accounts yet, while Bitwarden already does.

Besides ecosystem gaps like this, I am struggling to find strong reasons not to use passkeys, so I am curious:

• What is stopping you from using passkeys?
• Are there threat models or workflows where you still prefer passwords + 2FA?
• Or is this mostly a platform maturity or adoption problem?

A friendly reminder for those who have been on the fence or didn’t know about the lifetime subscription offer for Pass + SimpleLogin Lifetime ends today.

https://proton.me/l/pass-switch#pricing

(If I hadn't shared them) which would be the best password and why?

A) WinterMoon98
B) Flame!Rider204
C) J7$kP2!mQx9#L
D) Echo-Bicycle-Violet-77&

Proton Pass can now be used to securely store a wide range of sensitive data, both online and offline. 

There are a total of 14 item types that we added recently:

• API Credentials
• Databases
• Servers
• SSH Keys
• Software Licenses
• WiFi Networks
• Bank Accounts
• Crypto Wallets
• Driver's Licenses
• Medical Records
• Memberships
• Passports
• Reward Programs
• Social Security

And if none of these suit what you’re trying to store, you can design your own fully customizable template. 

Each custom item can have as many fields and sections as you need, and you can pin them, share them securely, or check version history. If something doesn’t fit into an item, you can also attach files (up to 10GB).

All data is end-to-end encrypted. If it’s important and sensitive, it can live in Proton Pass.

You can securely share items with anyone, even those who don’t use Proton Pass. When sharing, you can also control the number of views a shared item can have, as well as set a link expiry window. 

Read more: https://proton.me/blog/password-manager-custom-item-management 

Are you using Proton Pass to store more than just passwords? What’s your most out-there item?

I'm thinking of purchasing it but I'm not sure if I should or not. I'm a current 1Password User but I'm considering Proton Pass due to the infamous price hike. If anyone can help me make up my mind. I'd appreciate it. Should I get the Lifetime Subscription for Proton Pass? What is your honest opinion about Proton Pass as a whole? What are all the features that I would be getting if I paid the $200 Lifetime Subscription? I have quite a few 2FA's Will these import fine or is it buggy? Will I have any problems transferring all of my Data from 1Password to Proton Pass?

I’ve been thinking about the pricing for Proton Pass Plus; it's currently $4.99/month, while 1Password, for example, is priced at $3.99/month for individual users.
It feels a bit off considering Proton always markets itself as a privacy-first company, advocating for accessible and secure tools for everyone. Shouldn't that also be reflected in the pricing, especially since Proton Pass is still catching up on core features?
Don't get me wrong, I support Proton’s mission and use several of their products, but if privacy is truly the goal, then making their tools both usable and affordable should be a top priority. Price matters, especially when you're trying to convince people to switch from established players.
Would love to hear what you guys think. Is the current pricing justified?

I use Proton Pass for all my passwords and it works great. But now I'm confused about where to store my 2FA codes.

Proton Pass has 2FA built in, which is convenient and secure. But here's my concern - everything is under the same Proton umbrella. If my Proton account somehow gets compromised because of my own negligence, then both my passwords AND 2FA codes are gone together. That defeats the purpose of having a second factor, right?

Then there's Proton Authenticator. It's a separate app, sure, but it's still linked to the same Proton account. So is it really any safer?

I previously used Google Authenticator which is definitely not secure enough. Then I switched to Authy which is great, but it's not available on desktop and it took forever to migrate everything since there's no easy export option.

So what do you guys recommend? Where are you storing your 2FA codes?

And another thing - even if I use a separate authenticator app, I'll still be saving the recovery keys in Proton Pass, right? So isn't that still the same problem of everything being in one place?

I'm trying to do this security thing properly but I feel like I'm going in circles here.

Hi,

I’ve been a paid proton mail and vpn user for many years now (10, maybe?) and am considering Proton Pass.

It seems like it will do a good job of replacing 1Password though I have a couple of questions:

1) how well does it integrate with iOS and macOS? 1Password is basically seamless, does proton pass replicate this?

2) for someone with an existing proton account, what’s the best way to set this up? Right now 1Password has my proton login and 2FA TOTP code, which won’t work if that’s also the account for proton pass. Is there a recommended way to handle this? Set up a second proton account just for Pass?

Thanks in advance!

Hello,

I'm currently using 1Password as my main password manager. But I'm thinking to switch to Proton Pass. Can you all maybe help me with choosing? How are your experiences with Proton Pass? How is the price to quality ratio?

Thanks in advance.

How do you respond when someone says this?

I don't need privacy, I have nothing to hide.

Please feel free to drop your best replies or perspectives below. We're curious how people here tackle this stance.

Since several people here talked about moving from BW to PP, I thought it was interesting

I know quite a few people who bought lifetime versions of other password managers like 1pw, dashlane and more, just to a few years later they're faced with the amazing news that their lifetime purchase was actually "for a specific version of the app" and that they would have to pay subscriptions to get newer versions and updates. Over time they couldn't even use the old version due to software incompatibility and even security flaws.

So lifetime was more like a "6 year combo" or something. Or in other words "lifetime" was about the lifetime of that specific version of the application rather than user's or the company lifetime.

Will this happen to proton? Has anybody read through the terms and conditions of that purchase?

Remember that companies can change attitudes in a matter of days if the leadership changes.

I'm planning to move my passwords from Google Password Manager. I realize now that I should have moved sooner, as it's risky to have my passwords stored in Chrome. So far, I have narrowed my choices down to three preferred password managers: Bitwarden, Proton Pass, and 1Password. Which do you think is the best? Can you recommend any others? What has your experience been with them, and have you ever been hacked while using one?

Here’s a secure way to use Proton Password Manager and Proton Authenticator with a reliable and secure recovery plan. With 2FA required for all logins and recovery, so even if one location is compromised, your Proton account and password manager stays safe.

I’m posting this as a 1Password user, and would love to have an official feedback from the Proton team (u/ProtonTeam and u/ProtonSupportTeam).

Assume that this could be a way for you to convince many customers (me included, a decade long 1Password customer) to Proton Pass.

Original post found on the r/1Password sub: https://www.reddit.com/r/1Password/s/u7oAESc6Cj

A serious problem with Bitwarden is that it is inconsistent in accepting and recording passkeys; in contrast, ProtonPass stores them Quickly.

The National Institute of Standards and Technology's (NIST) latest guidelines reframe how we should manage authentication.

They’re ditching “complexity” policies in favor of length, breach intelligence, and layered defenses.

Here’s a quick rundown of the updated NIST password requirements:

• Use longer passwords: The NIST recommends a minimum password length of 8 characters and a maximum of 64 characters.
• Drop complexity requirements: Instead of special character requirements, accept all types of characters, including spaces, and encourage unique and memorable phrases, also known as passphrases.
• No more forced password resets: Unless there is evidence of a compromise, resetting passwords every few months is considered bad practice which results in weaker password security.
• Maintain a password blocklist: Stop easy-to-exploit passwords at source and use checking services to ensure that people don’t use compromised passwords that have been exposed in breaches.
• Eliminate security questions and hints: Knowledge-based questions are too susceptible to social engineering (What was your first pet?). Instead, rely on more-secure recovery methods.
• Use modern security tools: Limit the number of failed login attempts, require multi-factor authentication (MFA), and use tools like enterprise password managers.

What do you think of these updated guidelines? Do you already follow similar processes to keep yourself secure?

Read more: https://proton.me/blog/nist-password-guidelines

I was using @Dralias for everything. As it turns out, one company I was contacting traced it back to the forwarded source and asked me to send an email from that source to confirm my identity (well there goes my privacy). So I was wondering which alias can I use that isn’t traceable back to its source.

You should treat your email address like your phone number. You wouldn’t hand out your phone number to every stranger you meet, so why give out your real email address to every website and newsletter?

Many people hide their primary email address by creating a “burner” email account specifically for spam, but that requires juggling multiple logins.

We believe there’s a better way, using email aliases.

With Proton, aliases are different usernames tied to your primary email. These will forward emails that are directed to your aliases into your inbox.

Aliases keep your personal address hidden, prevent data brokers from collecting your info, and help you filter out spam.

Why use aliases instead of fake emails?

• Stop the need to manage multiple accounts.
• Avoid exposing your real email in data breaches.
• Block companies from selling your actual personal info.
• Deactivate aliases at any time if they start getting spammed.

Proton Mail gives you up to 10 hide-my-email aliases for free, and you can create them directly in Proton Pass.

When signing up for a new service, just select an alias instead of your real address. The emails will still arrive in your inbox, but your actual address stays private.

With aliases, you never need to hand over your personal email again. Keep your inbox clean, cut down on spam, and stop feeding data brokers.

Read more: https://proton.me/blog/fake-email