Check password breach, duplicates, weak, missing 2FA
It would be nice to keep my vault healthy with secure passwords. A dashboard could help manage this. Most other password managers have features like this.
It would be really great!
Absolutely necessary and a must-have for high quality password managers. Knowing which passwords are at risk of being compromised due to a breach (re-used passwords).
This could be done using the k-anonymity feature proposed by Have I Been Pwned.
Meaning part of the hashed password is used to find corresponding elements in HIBP.
Then the hashes are compared locally when the user is logged in.
This allows Proton to keep the zero-knowledge aspect and to detect potential leaks.
What Bitwarden web vault dashboard has is a perfect example of what should be done. Having the ability to see all this data is really important to have a good password base, especially when having hundreds of passwords.
A user commented
Knowing which accounts don’t have 2FA would be useful. (Right now, I just stumble upon them and fix them as I go along.) And for those services that don’t provide 2FA, knowing whether your password is weak or whether you have it repeated in some other login would help.
I’m not entirely comfortable with integrating with haveibeenpwned because that would mean sending my password out for someone else to look at so they can check if it has been compromised, and one of Proton’s selling points for me is that they don’t rely on other companies’ privacy promises. If you decide to implement it, please make it opt-in with bold red letters saying that your password will be shared with someone besides yourself.
There should be something inside of Proton Pass where it will give you password security enhancement recommendations where you can also see your password health score and all of your weak and reused passwords.
I would call this similar to what other password manager software call it: "Dark web monitoring" (duh, whatever that means), an integration of haveibeenpwned with data leaks monitoring.
I have doubts I'd like anyone to monitor the passwords since it has to be truly zero-knowledge. I wonder if that is technically safe to verify your password being leaked.
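Added example (not part of any comment in this thread and not Proton's code): the k-anonymity lookup described above, which also bears on the concern about sending passwords out, sketched with a simulated range service so the data crossing the boundary can be inspected. `RangeServer`, `breach_count`, `audit` and the breach corpus are hypothetical names and constructed data; the `SUFFIX:COUNT` response lines follow the format of the Pwned Passwords range lookup.

```python
import hashlib
import hmac

# Constructed breach corpus standing in for the remote service's data set.
CONSTRUCTED_CORPUS = {"password": 5, "123456": 9, "qwerty": 3}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for the remote range service (no network used)."""

    def __init__(self, corpus):
        self.buckets = {}
        self.seen = []  # every value the "server" ever receives
        for pw, count in corpus.items():
            digest = sha1_hex(pw)
            self.buckets.setdefault(digest[:5], []).append((digest[5:], count))

    def range(self, prefix: str) -> str:
        if len(prefix) != 5:
            raise ValueError("range queries take exactly 5 hex characters")
        self.seen.append(prefix)
        return "\n".join(f"{s}:{c}" for s, c in self.buckets.get(prefix, []))


def breach_count(password: str, query_range) -> int:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0  # suffix not in the returned bucket: not in the corpus


def audit(vault: dict, query_range) -> dict:
    """Map each vault entry name to the breach count of its password."""
    return {name: breach_count(pw, query_range) for name, pw in vault.items()}


if __name__ == "__main__":
    server = RangeServer(CONSTRUCTED_CORPUS)
    vault = {"forum": "password", "bank": "k9#Vt!constructed-unique-example"}
    print(audit(vault, server.range))
    print("server saw only:", server.seen)
```

The only value that leaves the client is the five-character hash prefix recorded in `server.seen`; the password, the full hash and the match result stay local.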
Sergio Sergio commented
Add an option to help identify weak, reused or compromised passwords and offer suggestions for replacing them with strong, unique alternatives.
Great suggestion, I think this is a duplicate of https://protonmail.uservoice.com/forums/953584-proton-pass/suggestions/46854529-add-dashboard-to-check-double-passwords-compromis
Don Semsey commented
This would scan your database, show you what websites have the same passwords and show you any passwords older than 30 days, serving as a reminder to change those passwords (or allowing the user to set a time frame for when they would like to know when a password is x days old).
Exactly what I'm looking for - a Report tab similar to what Bitwarden offers. These tools are necessary to have a complete app.
This is important for a good and safe password manager
Linked to this from https://protonmail.uservoice.com/forums/953584-proton-pass/suggestions/46854529-add-dashboard-to-check-double-passwords-compromis which has more votes. This has more details :)
https://protonmail.uservoice.com/forums/953584-proton-pass/suggestions/46912597-password-security-challenge has more detail but this has more votes
Brad Froud commented
I am sure that there could be even better additions than only what Bitwarden does, but the features available on the paid version of Bitwarden by accessing the web vault's Reports tab are a great example of what I am looking to be integrated into Proton Pass similarly to the author of this feature request.
It'd be great if there were warnings for passwords in the vault which appeared in password lists from data breaches, similar to 1Password's Watchtower feature. I'd understand if this feature was only available in paid tiers.
Haru Toki commented
A comprehensive assessment of our current password strength. It will analyze various aspects of our passwords, such as complexity, length, uniqueness, and vulnerability to common hacking techniques. Advanced algorithms to evaluate our passwords against a robust set of personal and industry security standards, providing us with invaluable insights into potential weaknesses.
Once the assessment is complete, we will receive a detailed yet easily comprehensible report that breaks down the strengths and weaknesses of our passwords. The report will highlight areas where improvements can be made and provide practical recommendations to enhance our password security.
If you can provide everything that NordPass provides then I'm all in.
@Protonmail - yeah but not everyone is like you and I. Believe it or not, a lot of people don't use password managers. :(