Separate password for Proton Pass
I don't use ProtonMail as my default mail service, therefore my Proton account is protected by a generated password that I can't and don't want to remember (using Bitwarden).
Having a way to use a completely different password than the one of my proton account to unlock Proton Pass will be a dealbreaker for me.
-
DeNikow commented
I just want to let everyone know that this is the only thing keeping me from switching from Bitwarden.
-
Shawn commented
I agree this is critical to have as well! Furthermore, there should be the option to use MFA every time to open Proton Pass, including the use of security keys like Yubico.
-
ano commented
I have a similar requirement.
It would be nice if ProtonPass could be unlinked from the Proton account. Own login credentials/master password for Pass and only the licence is made available via Proton/SimpleLogin. This ensures that there is no access to the vault if the Proton account has been taken over (e.g. by accessing session cookies).
-
Dave commented
I'm using Bitwarden for a password manager until a separate password can be used for proton pass.
I don't know my password for my proton account, and I don't want to.
I have a very strong password for my Bitwarden account, with MFA.
I'd love to be able to use Proton Pass, please implement this.
-
Paolo commented
This needs to be implemented to make Proton Pass safe to use. My password for Proton apps is not one I can remember, therefore I need a separate password (the master password that I do remember) for Proton Pass to open the rest.
I have family members also using Proton Apps that will not be using Proton Pass until this is implemented.
-
Craig commented
Definitely - I've actually been using Proton Pass now since release and having an option to add an additional master password would be perfect.
I get the convenient idea that a single password to access all services such as how Microsoft works but for a password manager, it needs an extra layer to isolate it from an account being compromised.
-
Tali commented
I wanna have account password + Proton Pass master password. This will look more secure than now
-
Anonymous commented
You should separate Proton Pass login from the rest of the Proton services. It is not good security practice to use the same login for several sites/services, especially a password manager should be separate and unique.
-
Leccho commented
I find the two-password mode for the mailbox a bit excessive, but it's certainly necessary for a password manager. Therefore, I would like to have the option to enable this feature exclusively for the password manager. This way, there would be one password for logging into the account and another for decrypting the stored passwords.
I'm currently using the PIN, but it's only active locally and not that secure.
-
gh commented
Please add this asap
-
Carlos Henrique commented
Why are you using ProtonPass + Bitwarden? I think you this doesn't make sense.
If you use only ProtonPass, you're safe
-
Justin commented
I couldn't agree with this more! This is the most critical issue with Pass that is keeping me from using it as my full time PW manager. Please implement the option to be able to use a different password for the other Proton apps and ProtonPass.
-
Paolo commented
This needs to be a very high priority.
It doesn't make sense to have the same password for Pass as for the other Proton apps.
-
jb commented
I am a Proton Unlimited customer and have been for over 5 years.
I'm on the fence about ProtonPass and do not use it today.One of the reasons I cannot adopt it today is because of a lack of an additional master password used to encrypt the password content separately from the rest of the content encrypted by Proton. (If the "PIN" can be a strong password and it is used to decrypt the data in a way that without the PIN the data remains encrypted using strong encryption, then I suppose that works - but then I don't think it would be called a PIN).
Today, if my Proton account is compromised, the attacker has access to utilize my email, vpn, and calendar, but not an enumerated list of all of my online accounts with credentials for each one. They also do not have access to one-time-use passwords that many companies do not email out but tell you to take note of or write down as they will not be displayed again. These never make it into my email, but are in my password manager.
If ProtonPass encrypted my password data with my account credentials, that would be great - but insufficient. There must be an additional layer of encryption utilizing a completely different password/credential for me to be OK with this.
As an owner of a yubikey, I really am not interested in yet another soft-token approach that would live on the same device that is used to access my account.
As an aside: I do not use an email reset/recovery option with my Proton Account. If the data is inaccessible, it is gone forever - and I want it that way (I find the UI nags to set up recovery annoying as well). I also do not (and will never) utilize any recovery mechanism for my passwords in my current password manager (keepassxc).
Thanks! This probably isn't encouraging, but I think its helpful for proton to understand its customers' various perspectives.
-
Aman Bhattarai commented
This is the main reason holding me back from switching to Proton Pass from Bitwarden. It makes no sense having same credentials as proton mail for password. manager.
-
Xelphos commented
I was literally about to post about this exact thing. I really do not feel comfortable having my password manager use the same password as my email. I very much want the option to use a different password.
-
Musgrave commented
This is an urgent MUST DO.
-
Tonio commented
Totally supporting the other comments about separated password for ProtonPass
-
Paolo commented
No switch to Proton for me until this is implemented. I'll stay with Bitwarden.
-
Joe Velson commented
Support all the other comments that point out the poor level of security around Pass access vs. Mail access. I have 2FA implemented for Mail but as currently configured I would have to come up with some 2FA method for web browser (which accesses Pass via a browser extension) to achieve similar security. Separate login credentials with 2FA options for ProtonPass is essential to make this an effective and competitive password solution.