Separate Password for Proton Pass
I don't use ProtonMail as my default mail service, therefore my Proton account is protected by a generated password that I can't and don't want to remember (using Bitwarden).
Having a way to use a completely different password than the one of my Proton account to unlock Proton Pass will be a dealbreaker for me.
You can now set an extra password for Proton Pass in addition to your Proton account password, allowing for better compartmentalization and peace of mind. https://proton.me/support/pass-extra-password
This feature is rolling out today to all Lifetime plans, followed by a staged rollout for Unlimited plans, and it will be available to everyone else over the coming days.
-
polanri commented
I deactivated 1Password everywhere and replaced it with Proton Pass. I really hoped to ditch my expensive 1Password subscription thanks to Proton Pass, but I can't just yet. Yesterday I updated iOS and after the iPhone restarted, the first service I needed to log in to prompted the Proton Pass screen asking me to log in with my Proton account and password (instead of a password I can remember, or a biometric / 2FA authentication), so I had to launch 1Password to retrieve my Proton account credentials \o/
-
Anthony commented
Needs to happen.
-
J-McD commented
It would be more secure to have the option of being able to use separate passwords for each service (P'mail, P'drive & P'pass).
If your mail account was compromised by a user, that user has access to everything.
It should be optional. Some folks may prefer a single login, others may prefer a more secure environment where each service has its own password.
-
EntHerder commented
I understand the importance for you to centralize everything in one place, and I am aware that Proton is a reliable company when it comes to security, which is why I have been using Proton for years. However, it would have been preferable to have the choice between linking ProtonPass to one's ProtonMail account or creating a separate account, just like it is possible with Bitwarden. In fact, I specifically use a password manager (Bitwarden) with very strong passwords for Proton and many other services. The only password I easily remember is the one for Bitwarden. I was very excited about the release of ProtonPass, but ultimately, it won't work for me at the moment.
I have noticed that many users share the same opinion, and I hope you take it into consideration.
By the way, it would have been nice to have at least two vaults available in the free version.
-
Paul H commented
I can see the difficulty in implementing this. You don't need to purchase mail to purchase vault. So everything is behind a Proton account. It's not behind your Mail account. Mail is just a service that uses your Proton account. Single Sign on would break with this too. It's hardly a giant security concern as virtually all security-minded companies have SSO. If they break your email, they can reset most service passwords anyway. So having a different one doesn't really matter. Just turn on 2FA. It's infinitely better for security.
-
User commented
I would say that the more important reason is to not have all your eggs in one basket. If Proton is your main email, then it getting compromised would also mean your password manager being exposed. Just to not over-rely on a single point of failure, I would require at least different passwords. An independent TOTP for Proton Pass would be ideal.
-
Tim Z commented
This is exactly my situation.
-
Em commented
This is a pretty good point and partly why I will not move away from KeePass. But it doesn't invalidate it as something I'd strongly recommend to my friends that would otherwise just use the same password for everything.
-
[Deleted User] commented
I use a password manager so that I won't have to remember my password to emails and such. Hence, using the same password for the manager and for the proton account defies the point.
Additionally, it is bad practice to have the same password for two online services.
-
AUser commented
This would be invaluable, I'm in a very similar situation. Lack of ability to sign into Proton Pass using a standalone set of credentials is blocking me from migrating from Bitwarden full time.
-
Y commented
Yep, it would be great to unlock our vaults with a password locally, so that even linked to our Proton account, we can use a proper password on ProtonPass.
I so agree with the "ohoh" comment below. Too much concentration is not a good security way.
-
Y commented
Like on Bitwarden, let the user choose password unlock (rather than PIN) on web and smartphone versions.
Like on Bitwarden, allow creating a master password, uncorrelated to our Proton account credentials.
-
Paulo commented
Much like other services offer, using a master password to open the vault is a must; it's way more secure than using a PIN.
EDIT: Users are logged out after 3 failed attempts to protect against brute force attacks