We need this feature. I think I will have to use Bitwarden until this is resolved.

I was awaiting the feature request earlier that was for a second password for Proton Pass... But I believe that was misunderstood. I do like the "second password" on top of the original password feature.

However, my main use case is actually storing my Proton service password within Proton Pass itself. If I move devices, etc. I need to know the Proton service password to be able to access Proton Pass, but it's a random password generated by and stored within Proton Pass. A chicken and egg scenario.

With this feature, we're hoping that we have a separate password to login to Proton Pass so that we can store the other Proton Services password within Proton Pass and not get locked out from everything (that way we can have a very strong Proton Services Password that doesn't need to be memorable).

Hopefully this comment helps! Thanks for all your work on these fantastic products/services!

Dear Proton Team,

As a long-standing Proton Unlimited user, I wanted to share my thoughts, like many others did, on this feature.

I’ve been extensively using most of your services—Mail, Drive, VPN, and Calendar—and I’m consistently impressed by the level of privacy and usability you provide. For a long time, I relied on a separate password manager for storing and managing my credentials, while using Proton Pass primarily for hide-my-email aliases and less critical passwords.

Recently, I decided to migrate my passwords entirely to Proton Pass due to its excellent usability, the wonderful Pass Monitor feature, and the overall seamless experience. To that end, I updated my master password, which was a complex but unmemorable password, to a complex but memorable one.

However, like others, I feel uneasy about using the same master password—the encryption key—for all Proton services. My primary concern is the potential risk of my encryption key being compromised while using a less sensitive service. Even with 2FA enabled, if the encrypted data were ever leaked in a breach, someone could just decrypt all the data and access it. This isn’t just about protecting the account anymore; it’s about protecting the data itself.

While I understand that the current unified encryption model works well for most users, I personally feel it would be beneficial to have the option for separate encryption keys for different services. For instance, I’d like to use one encryption key for Proton Pass, another for Mail and Drive, and I wouldn’t mind using my Proton account master password for calendar and VPN, as these contain very different types of sensitive information. This would ensure that even in the event of a breach, exposure is limited to one category of data, providing an additional layer of security.

Of course, I would still be deeply concerned if someone accessed my emails or Drive files, but it feels significantly riskier to have all my passwords tied to the same encryption key. And with hardware security keys like Yubikey protecting account access, it’s possible to prevent unauthorized login attempts. The challenge is more about protecting what malicious actors could decrypt if they ever obtained both the encryption key and the encrypted data.

I truly appreciate the work you do to provide a secure ecosystem for your users, and I hope you will consider adding this feature to provide greater flexibility and control over encryption keys for those who desire it.

Thank you for taking the time to consider this feedback.

This is not what is needed? we need a completely separate password for every program, rather the option to do so. Not the option to have a side by side password.

@Delivator

If you have a device you don't feel comfortable logging in with your password manager master password (where I assume the most sensitive info is for most users) but still want to use your VPN, drive, or mail for example. Having to memorize two, truly secure, passwords for this is cumbersome. A single strong password is also more secure than using two weaker passwords, where only one is used for encrypting your data.

As an ultimate subscriber I would have to pay again to activate a new premium account. At that point I just use bitwarden because its cheaper. While I recognize the use case is relatively niche, a two password system, with an additional possible mailbox password isn't the answer either. It becomes too clunky for the end user without completely addressing what was asked.

I don't understand this request.If you want your proton pass to be completely seperate from other proton services, just create a new account? Otherwise just use the PIN or biometric authentication. I never have to enter my proton passwort to access pass. Just once when linking my account.

They Implemented a feature that allows you to add an extra password to open Proton Pass once you already have logged into your proton account, which doesn’t **FUKING**** make any sense because you have to already know your account password to then enter the second password to log into your Proton Pass, which is ****FUKING*** ****BS****

It would be nice to know if this suggestion is ever accepted and implemented. Otherwise I will cancel my membership. A separate password for Pass is essential.

That didn't answer on the feature request, so that can't be complete.
We have asked to have a separate account password from the mail account.

be as throw as possible

Sooo, what is the status now @Proton? It seems there was quite the misunderstanding here?

It is very off-putting that this request isn't even under review, and the previous feature request for the same thing, with over 1,000 votes, was closed after the implementation of a second password.

We did **not** ask to enter a second password to login to Proton Pass. We asked for the ability to enter **one password, separate from our main Proton login,** to login to pass.

We don't want an additional password. Pass should have its own/separate master password. That's the point of a password manager. Remember a secure password. If I set up a new PC, how do I get to my Proton account? If you generate a 50-character password for your Proton account, for example, how are you supposed to remember it?

Proton has worked against this request and closed it. According to the motto, look, we've given you a password.

I'm shocked that there is no separate master password for Pass. This definitely needs to be added. How can I log in on a new PC if I don't know the Proton password? You can't log in anywhere like this. Please implement it!
This makes the change from 1P to Pass impossible.

As I understand it, Proton thinks that this request is fulfilled with the additional password. But that was never what the customers wanted. It will probably never happen, which is a shame!

I am a Bitwarden user and I tried to use Pass to potentially have it as my password manager. However, I was not able to login without Bitwarden due to the 2FA! So, Pass is good, but it's not ready for needs.

Given the single-sign-on account cookie hijacking threat described here, in a 2018 helpnetsecurity.com article:
https://www.helpnetsecurity.com/2018/08/22/single-sign-on-account-hijacking-threat/
I am extremely concerned about the risks entailed in the use of my ProtonMail password for any other Proton services.

In response to the comment below, by Jelmer Hartman, users should have the option to employ as much security to their E2E encrypted accounts as they wish. Perhaps it is true that some may wish to use a simple password to secure their password managers, but others of us are coming from outside password managers which already have a complex master password that we have known for years, and which, additionally,, is backed up, elsewhere, in the event that there is ever a problem with it. In that scenario, it is not so much a matter of wanting to store a strong password and secure it with a weak password -- OR one of securing a weak password with another weak one -- but basic account security to require unique strong passwords for every individual critical account. I, myself, do not have any technical computer training, but the lack of this capability through Proton's leaving of the initial password in place and simply adding another one to it, both of which can be used to access ProtonPass, is what is stopping me dead in my tracks from adopting their password manager. Until this product is capable of being secured as well as my current password manager (leaving my ProtonMail account also fully secured), it will not be a serious option for me to consider employing.

Most of the reasoning below is fundamentaly wrong. If you use a simple to remember password and then store you email password using that, it is not better than using a simple email password in the first place. Your email account is as sensitive as your password manager because most services allow you to reset your password using it. So the best way would be to have a different password for email and password manager. That only makes sense if you do not store your email password in your password manger. Using an extra password for proton pass give you exact the same level of security. So, altough this feature request would not fundamentaly weaken the security of the solution, the people who think they need to use this feature would probably weaken their personal security considerably because of it.

Adding an extra password is not what the request was about. How can you close this ticket without solving it?

This is literally what's preventing me from switching from Bitwarden. I will not change my random Proton password to a "simpler" one just to be able to use Proton Pass.

Also, the possibility to have an additional password only for the password manager makes no sense at all, as I would need to remember the "main" and the "pass" passwords.

I don't know my Proton password. Like others, I would like to be able to unlock other Proton services (Mail, Drive, Wallet, etc.) using a passkey or 2FA. I understand that this likely represents a re-architecture of your authentication and/or key generation strategy but many do not. It would be worth making a statement explaining this and the work you are doing to address this need in one of your next product update emails.