Mask newly generated passwords by default
Proton Pass already hides saved passwords in the vault and lets users copy them without revealing them. I’d like the password generator to work the same way.
When I add a passkey to an account, my next step is usually to rotate the old password to a long, random Proton Pass password that I do not know or memorize.
The passkey becomes my everyday login, and the password becomes a manager-held emergency backup.
The only weak moment is generation. Right now, the new password is shown on screen as soon as it is created. That creates a brief but unnecessary exposure window for screen recording, remote viewing, screenshots, shoulder surfing, or malware that captures the screen.
For many users, there is no reason to ever visually reveal a generated password. We just need to generate it, copy it, paste it, and save it.
My suggestion:
Generate new passwords masked by default, with tap/click-to-reveal for users who want to inspect or edit them. Also allow copying while the password remains masked, just like Proton Pass already does with saved passwords.
This would make the password generator match Proton Pass’s existing vault behavior and remove an avoidable moment of exposure