Separate password for Proton Pass
I don't use ProtonMail as my default mail service, therefore my Proton account is protected by a generated password that I can't and don't want to remember (using Bitwarden).
Having a way to use a completely different password than the one of my proton account to unlock Proton Pass will be a dealbreaker for me.
-
paul commented
If I switched to Proton Pass at present, my username is my public facing email address, which has been sold God-knows-how-many times across the internet. In addition, as the one password I'll have to be able to remember, I'll need to switch the account password to something less secure than the intense string of characters generated by my current password service.
While my current password solution password isn't optimally secure, the service I use isn't a matter of public record (i.e. no @protonmail.com) and the login I use is exclusively for that service (not my public facing primary email address).
Oh, and it would also unlock my proton drive and calendar. Right now this is a hard pass.
-
JDJ commented
I would love to see an opt-in feature that adds:
1. An extra password (like the mailbox password) or its own password to proton pass.
2. The ability to select which alias is used to log in, defaulting back to the proton mail address should the alias (accidentally) be deleted.
3. An optional extra 2fa just for proton pass wouldn’t be too bad either.
I agree with many in these comments that the way it’s set up now isn’t the best opsec, using the same and username password for all secure and private services, not really a best practice.
Though at the same time, I do understand the ease of use this gives less tech savvy users. As a former IT support guy and now fairly seasoned sysadmin I’ve seen many people struggle with the balance between security and user friendliness.
The way proton designs their products is to make it as accessible to less tech savvy people as it is to the more privacy/security oriented people.For this reason, stay in the same market as you are now, but add more advanced security features for those that know how to use it and/or want more security.
Since that was the whole idea that started proton. More privacy and security without having to sacrifice.I truly hope Proton add a feature like this, cuz I would love to hop over to proton pass.
-
Gilles commented
This also creates a big problem :
1. my Proton accont password is recorded into ProtonPass... don't want to use a separate password manager just for it !
2. I have changed my password for my Proton account using the generate password feature of ProtonPass to have a safer/more complex one
3. BUT then, as my main Proton account password was changed, I got instantly logged off from all my ProtonPass instances, on all devices, BEFORE it would even give me the choice to update my Proton account entry in ProtonPass.
4. luckily enough I had pasted the new password into a notepad before saving the change. Otherwiswe I would have lost my Proton account access as I could not reconnect to ProtonPass without having the new, complex password that ProtonPass did NOT give the chance to save before kicking me out of my own account...
Having a separate password for ProtonPass would bring the possibility to remain connected to it even when changing the Proton account password and update related entry if kept in it -
Naresh Gupta commented
Also, I think better password or pin number should be required to see password in clear text in browser extension and app.
-
Ribbon3682 commented
I use proton as my main email service. It would be wonderful not only having separate passwords for mail and pass, but also for drive. Besides, it would be very interesting being able to login with only an specific alias and not all of them, that would be an extra layer of security.
-
Clark Everson commented
Lorin I understand your concern with those logins and while i think this feature is needed, and i can't switch until added, i disagree about removing those buttons. There are large clients that rely (especially on the sign in with google button) for the business SSO login. So removing it prevents those users from using this tool, which removes a segment of customers who could be using this as an alternative to 1password or bitwarden
-
Lorin Ricker commented
Adding my +1 (+many!) to having a separate Master Password for PPass, for all the reasons well-stated here by others. Also, please remove Facebook and Google authorization from PPass login/authentication -- that's like letting the wolves into the chicken coop! Relying on these information thieves for authentication/api services is a really bad look for Proton's security reputation!
-
Thorsten Rothenpieler commented
As many others stated already, this is a deal breaker for me.
As long as I'm forced to share my Proton Mail password with Proton Pass, I'm not going to switch from Bitwarden to Proton Pass.
It's a real shame because your password app seems great.
-
SD commented
It make no sense for secure product to have the same password for all services. Having my password for VPN stored in my ocal keychain, having the sme password for my email and Proton Pass?!? If someone get access to one place... they get everyting even if 2FA is used using email. I have to use 2FA with non Proton email to increse security. I would prefer only use Proton.
-
Sascha Win commented
this is so important. how can my password manager login be not separate from all other services.
-
mike b commented
It would be great to have a generated pass for Protonmail and a memorable pass for Proton Pass.
-
Get better commented
no don't separate password to log into proton pass that's gona big mistake for separate proton pass from protonmail account please don't listen to peoples dont do that.
-
Shawn commented
Please make this happen!
-
Clark Everson commented
This is the only thing preventing me from migrating to this app
-
TWOK commented
This actually needs to be a passwordless (FIDO) logon, in addition to it being a separate password. Like others here, I generated a massive random password for Proton services using Dashlane and could never use it to sign into Protonpass without changing my master password to something human memorable. I could never recommend it to my friends or family without passwordless login.
-
Quantum Walnut commented
I want Proton Pass to be a standalone app with standalone login system.
By virtue of its function, Pass cannot be part of a suite with other Proton products, because it IS the gateway to all the said products.
For example, maybe you can give Pass its own login system, and then require users to use Pass to login to the remaining Proton products.
At some point, you need to find a way to not put all the eggs in same basket, otherwise the risk is too high.
-
mhj commented
Number one rule is not to use same password for several services, but here we are using it for Mail, Calender, VPN, and Password manager.
And to put some sugar on top, as a paid user I can have 15 emails in my mail that all can be used to log in!!!
-
Get better commented
no don't separate password to proton pass let the proton account handle it cause much more secure to log the proton pass with my encryption proton account don't use master password don't listen to stupid people they follow the other password manager=Proton pass is totally different on market and totally full secure compared to other password manager.
-
John Housley commented
Greetings friends,
I consider this functionality critical as I keep my Proton credentials securely stored in my current password manager. Optional separate credentials, in whatever form deemed appropriate and secure, would allow me to keep my primary Proton credentials secured in Proton Pass. Having this feature for other applications could also be beneficial. I am patiently waiting for a solution to this issue so that I can switch to Proton Pass. Thank you all for the hard work.
-
mih commented
This is critical, and a separate password should be applied for ProtonVPN as well