Proton Pass Monitor: Dark Web Scanning, Password Health, Inactive 2FA
It would be nice to keep my vault healthy with secure passwords. A dashboard could help manage this. Most other password managers have features likes this.
Hi everyone! We're happy to announce that Proton Pass Monitor is now available: https://proton.me/blog/proton-pass-monitor
✨ Discover weak and reused passwords
✨ Find accounts with inactive 2FA
✨ Get breach notifications for emails, aliases, and passwords.
You can also check out the following support articles:
-
output461 commented
Similar suggestion to Add dashboard to check double passwords, compromised accounts/passwords, weak/old passwords, missing 2FA, dataleaks, etc.. Let's combine votes there https://protonmail.uservoice.com/forums/953584-proton-pass/suggestions/46854529-add-dashboard-to-check-double-passwords-compromis
-
Frank commented
So not only in combination with import.
-
Frank commented
I suggest an option to list items having a same password.
Such a list with the first/eldest item per password.
Then when clicked a sublist with belonging items.
Option per each item in the sublist for delete, merge or open -
Dillon commented
Absolutely necessary and a must-have for high quality password managers. Knowing which passwords are at risk of being compromised due to a breach (re-used passwords).
-
finn commented
This could be done using K-anonimity feature proposed by Have I been Pwned.
Meaning part of the hashed password is used to find corresponding elements in HIBP.
Then the hashes are compared localy when the user is logged in.
This allows to keep the zero-knowledge aspect for Proton and to detect potentialy leaks. -
Luke commented
What Bitwarden web vault dashboard has is a perfect example of what should be done. Have the ability to see all this data is really important to have a good password base, especially when having hundreds of passwords.
-
A user commented
Knowing which accounts don’t have 2FA would be useful. (Right now, I just stumble upon them and fix them as I go along.) And for those services that don’t provide 2FA, knowing whether your password is weak or whether you have it repeated in some other login would help.
I’m not entirely comfortable with integrating with haveibeenpwned because that would mean sending my password out for someone else to look at so they can check if it has been compromised, and one of Proton’s selling points for me is that they don’t rely on other companies’ privacy promises. If you decide to implement it, please make it opt-in with bold red letters saying that your password will be shared with someone besides yourself.
-
Peter Bailey commented
Other password managers I've used, namely Nordpass, have the ability for multiple deletions. I'm not aware of any password managers that can find duplicates.
-
Peter Bailey commented
PP needs to be able to find duplicate entries. I have many, many duplicate entries, probably from earlier password managers or browsers. But, PP doesn't seem to filter any incoming entries.
And, once duplicate entries are found, it needs to be able to delete multiple entries at once. I should be able to choose more than one entry at a time and delete them all at once.
-
silvan commented
app gets useless without this function :/ pleaseee prioritize :)
-
Jack commented
There should be something inside of Proton Pass where it will give you password security enhancement recommendations where you can also see your password health score and all of your weak and reused passwords.
-
Jessy commented
I would call this similar to what other password manager software call it: "Dark web monitoring" (duh, whatever that means), an integration of haveibeenwpnd with data leaks monitoring.
I have doubts I'd like anyone to monitor the passwords since it has to be truly zero-knowledge. I wonder if that is technically safe to verify your password being leaked. -
Sergio Sergio commented
Aplicar una opción para ayudar a identificar contraseñas débiles, reutilizadas o comprometidas y brindar sugerencias para reemplazarlas con alternativas sólidas y únicas.
-
Erica Peterson commented
I've been using 1password for the last decade or so, and I appreciated when they added the "Watchtower" feature which checks your saved logins against compromises posted to haveibeenpwned. I would really like to see this added to Proton Pass as well.
-
Don Semsey commented
This would scan your database, show you what websites have the same passwords and show you any passwords older than 30 days, serving as a reminder to change those passwords ( or allowing the user to set a time frame for when they would like to know when a password is x days old)
-
Gianandrea commented
It would be nice to have something similar to what Google does with the contact, check the duplicates and merge or delete them.
-
Chief commented
This is particularly important for the new user experience. When you import from various different browsers, for example, you end up with a whole bunch of unnecessary copies.
-
Paul Kodak commented
Yes!
-
Paul Kodak commented
Yes!
-
David Throup commented
Really useful when bringing passwords together under 1 roof