Separate password for Proton Pass
I don't use ProtonMail as my default mail service, therefore my Proton account is protected by a generated password that I can't and don't want to remember (using Bitwarden).
Having a way to use a completely different password than the one of my proton account to unlock Proton Pass will be a dealbreaker for me.
This needs to be implemented to make Proton Pass safe to use. My password for Proton apps is not one I can remember, therefore I need a separate password (the master password that I do remember) for Proton Pass to open the rest.
I have family members also using Proton Apps that will not be using Proton Pass until this is implemented.
Definitely - I've actually been using Proton Pass now since release and having an option to add an additional master password would be perfect.
I get the convenient idea that a single password to access all services such as how Microsoft works but for a password manager, it needs an extra layer to isolate it from an account being compromised.
I wanna have account password + Proton Pass master password. This will look more secure than now
You should separate Proton Pass login from the rest of the Proton services. It is not good security practice to use the same login for several sites/services, especially a password manager should be separate and unique.
I find the two-password mode for the mailbox a bit excessive, but it's certainly necessary for a password manager. Therefore, I would like to have the option to enable this feature exclusively for the password manager. This way, there would be one password for logging into the account and another for decrypting the stored passwords.
I'm currently using the PIN, but it's only active locally and not that secure.
Please add this asap
Carlos Henrique commented
Why are you using ProtonPass + Bitwarden? I think you this doesn't make sense.
If you use only ProtonPass, you're safe
I couldn't agree with this more! This is the most critical issue with Pass that is keeping me from using it as my full time PW manager. Please implement the option to be able to use a different password for the other Proton apps and ProtonPass.
This needs to be a high priority. You just cannot have the same password for Pass and the other Proton apps.
I am a Proton Unlimited customer and have been for over 5 years.
I'm on the fence about ProtonPass and do not use it today.
One of the reasons I cannot adopt it today is because of a lack of an additional master password used to encrypt the password content separately from the rest of the content encrypted by Proton. (If the "PIN" can be a strong password and it is used to decrypt the data in a way that without the PIN the data remains encrypted using strong encryption, then I suppose that works - but then I don't think it would be called a PIN).
Today, if my Proton account is compromised, the attacker has access to utilize my email, vpn, and calendar, but not an enumerated list of all of my online accounts with credentials for each one. They also do not have access to one-time-use passwords that many companies do not email out but tell you to take note of or write down as they will not be displayed again. These never make it into my email, but are in my password manager.
If ProtonPass encrypted my password data with my account credentials, that would be great - but insufficient. There must be an additional layer of encryption utilizing a completely different password/credential for me to be OK with this.
As an owner of a yubikey, I really am not interested in yet another soft-token approach that would live on the same device that is used to access my account.
As an aside: I do not use an email reset/recovery option with my Proton Account. If the data is inaccessible, it is gone forever - and I want it that way (I find the UI nags to set up recovery annoying as well). I also do not (and will never) utilize any recovery mechanism for my passwords in my current password manager (keepassxc).
Thanks! This probably isn't encouraging, but I think its helpful for proton to understand its customers' various perspectives.
Aman Bhattarai commented
This is the main reason holding me back from switching to Proton Pass from Bitwarden. It makes no sense having same credentials as proton mail for password. manager.
I was literally about to post about this exact thing. I really do not feel comfortable having my password manager use the same password as my email. I very much want the option to use a different password.
This is an urgent MUST DO.
Totally supporting the other comments about separated password for ProtonPass
No switch to Proton for me until this is implemented. I'll stay with Bitwarden.
Joe Velson commented
Support all the other comments that point out the poor level of security around Pass access vs. Mail access. I have 2FA implemented for Mail but as currently configured I would have to come up with some 2FA method for web browser (which accesses Pass via a browser extension) to achieve similar security. Separate login credentials with 2FA options for ProtonPass is essential to make this an effective and competitive password solution.
Not having completely distinct credentials and sessions for Protonpass and all other Proton products is an absolute non-starter.
This is just crying for a complete account lock-out, especially when you have 2FA enabled for your account (as you should).
At the moment you can either use Protonpass or the other Proton products, but not both at the same time.
Nadi Tsui commented
This is kind of stupid to use the same password as ProtonMail when the password is randomly generated. I will be unable to login to ProtonPass as the password is stored in ProtonPass which I am unable to reach because I don't have the password. Please consider allowing user to setup a seperate password for ProtonPass
Using an alternate method like the YubiKey would be great! YubiKey is available for many device types; PC, Android, iPhone, and possibly others.
Update: Proton Mail has the option to use "Google Authenticator" - this should be an option for other Proton systems too. (I could have missed the option for other Proton systems, if so, sorry)
I want to set a masterpassword to unlock proton pass instead of the biometric PIN (on mobile) or on desktop only a simple 6 digit PIN.
I mean the proton pass can generate secure passwords, but the app has only a 6 digit PIN to unlock?
We got to ramp up the security to all our passwords here!