**Proton holds the line on passkeys as Big Tech drives lock-in**
Open Letter to the Proton Pass Community
Subject: Building a Stronger Proton Pass — Local Vaults, Hardware Keys, and True User Control
Dear Proton Team and Fellow Users,
Proton deserves real credit for implementing passkeys more responsibly than others: optional, open-source, and encrypted. But I believe we need to go further to give users the kind of control that serious security demands.
1. The Problem with Passkeys
Even when implemented responsibly, passkeys remain a software-based credential tied to device or cloud ecosystems. They introduce dependencies, limit portability, and remove true ownership of authentication. That’s why serious security organizations never rely on passkeys—they require hardware authenticators.
2. The Problem with Cloud-Only Password Vaults
Password managers themselves also need scrutiny. Most today (including 1Password, Dashlane, LastPass, etc.) default to storing encrypted vaults in the cloud. That’s convenient, but it’s also:
- A single point of failure if the service is ever breached.
- Dependent on the provider’s infrastructure and policies.
- A step away from the early model of local-only encrypted vaults (which is how 1Password originally worked).
3. A Better Path Forward for Proton
Proton is uniquely positioned to give users real choice between security models. I propose Proton Pass and Proton Authenticator support three tiers:
- Hardware Keys (Best Practice): YubiKey, SoloKey, Nitrokey — the gold standard for authentication. Should be prominently promoted.
- Local-Only Vaults: A user-controlled option where the vault is encrypted and stored only on their device(s), never synced to the cloud. Sync could be done manually (e.g. export/import, Proton Drive, or user-chosen secure channel).
- Cloud-Encrypted Vaults: The current model, convenient and still private with Proton’s E2E encryption, but with clear disclosure of trade-offs.
And one constant across all tiers: avoid passkeys. At most, keep them strictly optional, never default, and clearly explain their risks.
4. Why This Matters
- User sovereignty: Users should be free to choose between maximum security (hardware + local) and maximum convenience (cloud), with Proton guiding them clearly.
- Security integrity: The highest-risk organizations (government, defense, finance) all use hardware authenticators and often local credential management — never passkeys. That’s the model worth following.
- Trust: Proton can lead by offering what no Big Tech password manager dares to: full user control of authentication.
In closing: Proton has already shown courage by resisting Big Tech’s push for passkey lock-in. Now there’s a chance to go further: bring back the option of local-only vaults, elevate hardware tokens as the gold standard, and keep passkeys safely off the main road.
Thanks a lot for taking the time to raise this on UserVoice. We appreciate people using this platform as a way to help us decide on the forward direction of Proton products.
Unfortunately, this is being declined as it is an amalgamation of different requests. As per the rules on the front page of this website:
- Stick to 1 idea per post for voting and discussion.
Please feel free to resubmit these ideas, divided into individual requests, or to use the search bar to find other individuals' submissions that do the same. For example, you can find a few different requests for hardware keys in the context of different Proton apps via the search bar.
3rd commented:
Ok, this does need to be split into smaller bites of one idea each, but I found the information useful. Thanks for laying out the case for hardware tokens vs passkeys.
MagAu commented:
💬 *As a follow-up, I want to highlight and reinforce what makes Proton Pass exceptional: its privacy-first, choice-driven design stands in stark contrast to broader trends led by powerful industry coalitions.*
**1. Who Really Drives Authentication Standards**
* **Executive Director (CEO):** Andrew Shikiar – runs the FIDO Alliance day-to-day.
* **Executive Council Members:** Representatives from **Google (Sam Srinivas), Apple (Yousuf Vaid), Microsoft (Pamela Dingle), Visa (Henna Kapur), Yubico (Christopher Harrell), and NTT Docomo (Dr. Koichi Moriyama)**.
* **The Bigger Picture:** These are the companies and organizations steering the move toward passkeys and ecosystem lock-in.

**Why this matters:** The same organizations pushing hardest for passkeys are the ones with the most to gain from tying authentication to their platforms. Proton’s decision to keep passkeys optional and open-source isn’t just a technical choice—it’s a stand for independence in the middle of an industry power play.