The company behind end-to-end encrypted email service Proton Mail has announced the launch of its own secure password manager, Proton Pass. Currently, a limited number of users can try its beta version, but later the program will be opened to the general public for free.
Course
Frontend development
Proton Pass can store passwords, email addresses, URLs, and notes. Like the company’s other products, Proton Pass uses end-to-end encryption (E2EE), which should protect your personal information from prying eyes (third parties, including Proton itself).
Today we’re launching the Proton Pass beta.
With Pass, we use our distinctiveness and probability of knowledge to the service that many of you intend.
Later on, Proton Pass will become a free password manager for all Proton users. Learn more here: pic.twitter.com/tkLl7SZN5S
— Proton (@ProtonPrivacy) April 20, 2023
Data decryption requires a user key, and cryptographic operations are performed locally on your device. Even if Proton’s servers are hacked, this data should be safe.
This is important because seemingly innocuous information (like saved URLs that many other password managers don’t encrypt) can be used to build a very detailed profile about you. For example, if an attacker sees that you have saved passwords for a Grindr account or a Manga fan site, they will learn a lot about you as a person, even if they don’t actually have access to your account,” wrote Proton founder and CEO Andy Yen
This zero-knowledge security model is the same type of feature touted by other popular password managers, including 1Password and LastPass. The latter was the victim of a major data breach last year, after hackers stole its source code and encrypted password stores, security experts criticized the company’s response, and researcher Jeremy Gosney said that “LastPass’s ‘zero knowledge’ claim is a blatant lie”.
The company’s new password manager comes just over a year after Proton acquired SimpleLogin, a tool that lets you send anonymous emails. Yen says the acquisition “increased the company’s password manager development capabilities” without affecting other Proton services, and should help reduce the risks associated with using an insecure password manager with Proton’s product range.
Course
“Developing games with Roblox Studio”
Is your kid crazy about Roblox? Will develop games with us!
There are still places
Proton plans to open-source its password manager and is offering up to $10,000 in rewards to security researchers who find vulnerabilities in Proton Pass and its other products. The app is currently available in beta on desktop, Android, iOS, and as a browser extension for Brave and Google Chrome, with a Firefox extension coming soon.
Source: The Verge, Techspot