How about a service like LastPass or 1Password to make it easy to store all passwords and secure notes either online and synced with other computers and devices, or locally on one device. A secure password manager using the best of ProtonMail/ProtonVPN services
Thank you for your suggestion. Password security is incredibly important and something we take very seriously at Proton Technologies. We will consider add a Password Manager to our product suite roadmap.
Keepass is free and opensource, works great. I wouldn't trust storing ALL of my password remotely.
Adam R commented
If you had a drive feature, using Keepass or another similar program would be an option and a lot less programming on your end.
This is completely redundant.
There are already a number of open-source password managers. The best and easiest, in my opinion, is Bitwarden, which is very much like Lastpass, except that it's cheaper and completely open source.
Lastpass is NOT a privacy-respecting option. Please realise that privacy and security aren't the same thing. Lastpass is SECURE because it stores your credentials encrypted. It is NOT private because the websites fields, which show which domains you have accounts with, are NOT ENCRYPTED, which means that you can be profiled according to the unique set of domains with which you have accounts. For more details read this: https://systemoverlord.com/2015/09/16/what-the-lastpass-cli-tells-us-about-lastpass-design/
The best non-synced (completely offline) password manager is KeePassXC, which is completely multi-platform, free and open source.
So no, there is no need for a "ProtonVault". A lot of other stuff should be fixed first with Protonmail, like email search, calendaring, support for multi-label searching and yubikey support for all browsers.
I want to be able to not have “Sent from my ProtonMail mobile” account in my signature.
I would love to use the password app of Proton.
[Deleted User] commented
there is nothing better than enPass now
Mad As commented
I'm with Bad Idea & Hunter Hogan: minus a bazillion.
If you want to get the Proton Devs attention show your support here:
Bad Idea commented
bad... BAD idea.... There are plenty of apps out there that already do this.
Moreover, you mentioned one of them - LastPass. You can also use KeePass or its derivatives for a local solution, if you do not trust LastPass storage.
The main idea behind ProtonMail is that IT IS NOT GOOGLE and it doesn't try to provide everything to everyone, because if it does, it's either going to go DARK or is going to have some flaws within the important services.
One important note in privacy is the fact that you have to decentralize wherever it is possible, thus keeping things separate.
Protonmail does a great job on e-mail, and tries to improve it, that is why a lot of people like it that much.
Hunter Hogan commented
MINUS 100,000,000 votes. I trust Protonmail. If you made a password manager, I would also trust the password manager. Nevertheless, a fundamental and indispensible aspect of Protonmail is that Protonmail cannot possibly access the keys. Your service is analogous to putting money in a bank vault. If you were to offer a password manager service, that would be only a few degrees away from writing the combination to the bank vault on the front of the bank vault. For a more concrete risk: if you have the password manager and the emails, that makes it easier for a court order to get closer to the email contents. (I know that it doesn't automatically make it possible, but it does make it easier.) As a former prosecutor, I implore you not to make it easier for governments to get to the emails. And, as a former system/network administrator, I must remind you that part of your job is to protect users from themselves. Please, reject this idea.
Luís Bragança commented
You can use fully open-source applications for that.
I use KeePass 2 for my Desktop, TinyKeePass on Android (available on F-Droid) and Tusk (extension) on my web browsers. These 3 programs are fully open-source and since they all use the KeePass protocol they're all considered safe.
There are already lots of open-source password managers. I think we should give share new and nonexistent ideas for proton team.
Tohoo Vavohoo commented
There's a ton of great password applications out there. No reason for this company to spend time on it! Lots of other things you could be doing that haven't been done well.
I'd definitely use the ProtonMail Password Manager / Vault for life. I've been using LastPass for the past 3 years, but as easy and convenient as it offers, I still feel doubtful as the company has not clarified how and where our data are stored and used and it is also based in the US which makes it all the more scary, considering how powerful the government is. I've switched most of my email accounts to ProtonMail. I must say I've never felt any safer with any companies as with the ProtonMail Team.
Are Lomsdalen commented
I would gladly pay extra for this feature.
I paid for a VPN service ($7/month), before you gave us ProtonVPN
Paying $30 per month, is ,in my opinion, a steal for all the services you provide.
Hugo Peek commented
I'm also happy with using Keepass still and would rather see an option to securely backup (and possibly share) my keepass database, instead of yet another password manager.
ProtonTechnologies could host a bitwarden instance for us to store our encrypted password data with them. As a Bitwarden user it is a fine product, but I am not a fan how it is hosted on Azure under the US's jurisdiction. PM could buy a license to host it.
they do this already its called dashlane /bitwarden they would be wasting there time if they did this
I made a similar idea for a dongle type password that is like file upload but only gets the MD5/SHA of file and then uses that as a password. I posted about it here http://g0pg.xyz/filepassword I want to make it myself with php and mySQL
I currently use lastpass premium. I am happy that my data is encrypted by them but am no longer happy with my data being stored on US or EU data servers. I would switch and pay for the service
Obsolete. Especially synchronizing it across several devices opens up a password manager to various attack angles.
It's like sharing your girl friend with 100 guys and trusting her not to catch any STDs!
Lastpass is great but now that it has been bought by Logmein etc I don't really trust them .. 1Pass and others mentioned here where the passwords are kept locally are sort of OK, except that what if you have a few computers and locations? Hosting these on a Proton server might be a good idea ...
Meantime, a simpler searchable database on Proton X for URLs/ Passwords and address/ fill, routing info etc would be great. Copy and paste .. might be good enough if there are too many security holes when automatically filling in forms