Check password breach, duplicates, weak, missing 2FA
It would be nice to keep my vault healthy with secure passwords. A dashboard could help manage this. Most other password managers have features likes this.
-
finn commented
This could be done using K-anonimity feature proposed by Have I been Pwned.
Meaning part of the hashed password is used to find corresponding elements in HIBP.
Then the hashes are compared localy when the user is logged in.
This allows to keep the zero-knowledge aspect for Proton and to detect potentialy leaks. -
Luke commented
What Bitwarden web vault dashboard has is a perfect example of what should be done. Have the ability to see all this data is really important to have a good password base, especially when having hundreds of passwords.
-
A user commented
Knowing which accounts don’t have 2FA would be useful. (Right now, I just stumble upon them and fix them as I go along.) And for those services that don’t provide 2FA, knowing whether your password is weak or whether you have it repeated in some other login would help.
I’m not entirely comfortable with integrating with haveibeenpwned because that would mean sending my password out for someone else to look at so they can check if it has been compromised, and one of Proton’s selling points for me is that they don’t rely on other companies’ privacy promises. If you decide to implement it, please make it opt-in with bold red letters saying that your password will be shared with someone besides yourself.
-
Peter Bailey commented
Other password managers I've used, namely Nordpass, have the ability for multiple deletions. I'm not aware of any password managers that can find duplicates.
-
Peter Bailey commented
PP needs to be able to find duplicate entries. I have many, many duplicate entries, probably from earlier password managers or browsers. But, PP doesn't seem to filter any incoming entries.
And, once duplicate entries are found, it needs to be able to delete multiple entries at once. I should be able to choose more than one entry at a time and delete them all at once.
-
silvan commented
app gets useless without this function :/ pleaseee prioritize :)
-
Jack commented
There should be something inside of Proton Pass where it will give you password security enhancement recommendations where you can also see your password health score and all of your weak and reused passwords.
-
Jessy commented
I would call this similar to what other password manager software call it: "Dark web monitoring" (duh, whatever that means), an integration of haveibeenwpnd with data leaks monitoring.
I have doubts I'd like anyone to monitor the passwords since it has to be truly zero-knowledge. I wonder if that is technically safe to verify your password being leaked. -
Sergio Sergio commented
Aplicar una opción para ayudar a identificar contraseñas débiles, reutilizadas o comprometidas y brindar sugerencias para reemplazarlas con alternativas sólidas y únicas.
-
Erica Peterson commented
I've been using 1password for the last decade or so, and I appreciated when they added the "Watchtower" feature which checks your saved logins against compromises posted to haveibeenpwned. I would really like to see this added to Proton Pass as well.
-
Don Semsey commented
This would scan your database, show you what websites have the same passwords and show you any passwords older than 30 days, serving as a reminder to change those passwords ( or allowing the user to set a time frame for when they would like to know when a password is x days old)
-
Gianandrea commented
It would be nice to have something similar to what Google does with the contact, check the duplicates and merge or delete them.
-
Chief commented
This is particularly important for the new user experience. When you import from various different browsers, for example, you end up with a whole bunch of unnecessary copies.
-
Paul Kodak commented
Yes!
-
Paul Kodak commented
Yes!
-
David Throup commented
Really useful when bringing passwords together under 1 roof
-
Chuck Brewster commented
I was looking for this feature, this would be incredible. I think if you allowed proton to access each username and password for that site, and asked did that work if yes move the rest to trash, if no move that to trash and try the next one. Thank you all for what you do, I got most family switched over, family plan here we come.
-
abelokoj commented
This is absolutely needed at this moment.
I think they can just find a way to allow the user to be able to merge 2 or more entries together.
-
User commented
Exactly what I'm looking for - a Report tab similar to what Bitwarden offers. These tools are necessary to have a complete app.
-
Tom McKeon commented
I started with the free Pass app. When I imported my LastPass file there were a number of files Proton was unable to import. I wasn't paying close enough attention to what they were. I was only trying out the app.
When I enrolled in a paid subscription I repeated the import thinking there were limitations set in the free version on the type of data it could import. I didn't know if Proton would ignore duplicates, but I thought I could just run a script from Proton after the import. I couldn't believe there was no such feature.