Proton AG announced the worldwide availability of Proton Pass, a free, open-source password manager available as a browser extension or mobile app on Android and iOS.manager.
Proton has offered a variety of privacy-focused products and services for some time, including the end-to-end encrypted messaging service Proton Mail, the VPN Proton service and the Proton Drive cloud storage service.
Proton Pass is the latest addition to the company’s privacy and data protection product portfolio, providing users with a secure end-to-end encrypted vault to store their passwords and notes.
“We are pleased to announce the global launch of Proton Pass, available now as a browser extension on most major browsers (Chrome, Firefox, Edge, Brave, etc.) and iPhone/iPad and Android.” read it Announcement of the launch of the Proton Pass.
What sets Proton Pass apart
Besides the password generation feature, a standard feature on all modern password managers, Proton Pass will also allow users to create a “cache-my-email alias”.
This randomly generated email address acts as a relay point between the online service and your real email account, preventing service providers from identifying or tracking you.
This email forwarding system was first introduced in Proton Mail in January 2022filtering out marketing trackers and other hidden tags before the message reaches your main inbox.
These email aliases also limit the repercussions of data breaches, as the email address exposed in these cases will be unique to your account on a website, making them useless to hackers during data stuffing attacks. credentials.
Credential stuffing attacks occur when threat actors use credentials leaked during data breaches to try to connect to other sites belonging to the exposed user.
Another thing that differentiates Proton Pass from other free password managers, according to its creator, is the use of a strong bcrypt password hash (instead of problematic PBKDF2 implementations) and hardened implementation Secure Remote Password (SRP) for authentication.
Also, unlike other password managers that only encrypt the password field, Proton Pass encrypts everything, including username, web address, and any other data the user saves. on each element.
The vendor’s assurances of robust security architecture will soon be verified by independent auditors from Cure53, who are currently reviewing the software code for weaknesses.
Finally, Proton emphasizes its “privacy-friendly” Swiss jurisdiction as an advantage over other products, implying that Swiss law enforcement authorities will only ask the company to review user data only in verified cases of illegal activity.
The free version of Proton Pass offers users unlimited logins and encrypted notes, but only provides ten hide-my-email aliases and only 2FA autofill for 3 logins.
For unlimited 2FA and private email addresses, users must pay for Proton Pass Plus, which costs $1/month (annual fee) until the end of July 2023. After that date, the product will have a regular price of 3 $.99.
Subscribers to the Proton Unlimited, Business, Visionary or Family plans will receive the premium version of Proton Pass at no additional cost.
For now, the password manager is available for download as an app for Android and iOS platforms and Chrome, Firefox, Edge and Brave web browsers as an extension.
The Proton team promised to release desktop versions of Proton Pass for Windows and macOS, but these are not available at this time.
Those interested in seeing the Proton Pass source code can view it from the project GitHub repository.