How about a service like LastPass or 1Password to make it easy to store all passwords and secure notes either online and synced with other computers and devices, or locally on one device. A secure password manager using the best of ProtonMail/ProtonVPN services
Thank you for your suggestion. Password security is incredibly important and something we take very seriously at Proton Technologies. We will consider add a Password Manager to our product suite roadmap.
Enpass allows a user to store all files offline on any disk. It's not as pretty as the main players but it's always getting updated and it doesn't force update. You can opt in or out without delay each update. The other thing I like is that you get the option of downloading the app from enpass not from stores. They also have a similar active users forums for ideas and there's always enpass input. I've been using it for years. The password system is pretty extensive and they have all sorts of checks you can do for keeping things secure. The favourite feature for me is being able to store backups completely offline in multiple locations and having the choice of not having to sync online to get all devices on par. It's also a bargain because it's one payment for life.
This ProtonVault better have zero-access encryption and be open-source
As others have pointed out, this would be a waste of Proton's resources.
Go with Bitwarden. It's open source, cheaper than the alternatives, has support for multiple 2FA methods (U2F keys, non-U2F Yubikeys, TOTP, Duo Security, SMS), and it's super cheap at just $10 a year.
Think about Proton! Threat Model! They are doing us well enough with what they provide.
Please don't re-invent the wheel. There are already so many excellent cross-platform password managers such as 1Password. Try Bitwarden if you insist on open source. This would be a waste of Proton's resources.
Jerald James Capao commented
This is great idea! I am currently using Dashlane, but I would love a password manager from Proton because starting next year, I will be using Proton services: email and vpn!
Great to hear you're considering this option! The only things is, I just started with Last Pass very recently, so am hoping you'll offer a very simple approach to exporting/importing our data from them?? If not. I can envision repetitive strain injury for my poor little fingers on the horizon.....
The best would be an integrated Password Manager into the ProtonMail web UI.
I use LastPass for this at the moment, but rolling similar cross-platform/cross-device into the PM suite would be a great consolidation (and as I'm not sure where LastPass will go with their new corporate structure I'd like an alternative!)
Hello, Actually, I use Contacts to store my passwords, I only use name field with prefix pwd+... and the label "Role" where I write the password. It's just missing a field labeled like "Pwd" where you can put a very long string of caracteres.
Keepass is free and opensource, works great. I wouldn't trust storing ALL of my password remotely.
Adam R commented
If you had a drive feature, using Keepass or another similar program would be an option and a lot less programming on your end.
This is completely redundant.
There are already a number of open-source password managers. The best and easiest, in my opinion, is Bitwarden, which is very much like Lastpass, except that it's cheaper and completely open source.
Lastpass is NOT a privacy-respecting option. Please realise that privacy and security aren't the same thing. Lastpass is SECURE because it stores your credentials encrypted. It is NOT private because the websites fields, which show which domains you have accounts with, are NOT ENCRYPTED, which means that you can be profiled according to the unique set of domains with which you have accounts. For more details read this: https://systemoverlord.com/2015/09/16/what-the-lastpass-cli-tells-us-about-lastpass-design/
The best non-synced (completely offline) password manager is KeePassXC, which is completely multi-platform, free and open source.
So no, there is no need for a "ProtonVault". A lot of other stuff should be fixed first with Protonmail, like email search, calendaring, support for multi-label searching and yubikey support for all browsers.
I want to be able to not have “Sent from my ProtonMail mobile” account in my signature.
I would love to use the password app of Proton.
[Deleted User] commented
there is nothing better than enPass now
Mad As commented
I'm with Bad Idea & Hunter Hogan: minus a bazillion.
If you want to get the Proton Devs attention show your support here:
Bad Idea commented
bad... BAD idea.... There are plenty of apps out there that already do this.
Moreover, you mentioned one of them - LastPass. You can also use KeePass or its derivatives for a local solution, if you do not trust LastPass storage.
The main idea behind ProtonMail is that IT IS NOT GOOGLE and it doesn't try to provide everything to everyone, because if it does, it's either going to go DARK or is going to have some flaws within the important services.
One important note in privacy is the fact that you have to decentralize wherever it is possible, thus keeping things separate.
Protonmail does a great job on e-mail, and tries to improve it, that is why a lot of people like it that much.
Hunter Hogan commented
MINUS 100,000,000 votes. I trust Protonmail. If you made a password manager, I would also trust the password manager. Nevertheless, a fundamental and indispensible aspect of Protonmail is that Protonmail cannot possibly access the keys. Your service is analogous to putting money in a bank vault. If you were to offer a password manager service, that would be only a few degrees away from writing the combination to the bank vault on the front of the bank vault. For a more concrete risk: if you have the password manager and the emails, that makes it easier for a court order to get closer to the email contents. (I know that it doesn't automatically make it possible, but it does make it easier.) As a former prosecutor, I implore you not to make it easier for governments to get to the emails. And, as a former system/network administrator, I must remind you that part of your job is to protect users from themselves. Please, reject this idea.
Luís Bragança commented
You can use fully open-source applications for that.
I use KeePass 2 for my Desktop, TinyKeePass on Android (available on F-Droid) and Tusk (extension) on my web browsers. These 3 programs are fully open-source and since they all use the KeePass protocol they're all considered safe.
There are already lots of open-source password managers. I think we should give share new and nonexistent ideas for proton team.