Going with the easy route and implementing the extra password instead of this, was a bad design choice. It’s usually more expensive to alter a system afterwards… this now requires not only a new implementation, but also a migration between two authentication systems.

It’s sad, this lack of forethought.

As someone who uses an easier password (but still secure obviously) for my password vault, which stores a much stronger password for my proton account. I'd love to be able to use a separate master password

We need a way to have a different password for Proton Pass as to not expose the other Proton services, at a minimum.

This way, I don't have to worry if my proton email, drive, or calendar, etc, get exposed because I can modify the services individually and not compromise access to my Proton Pass account.

There are even more secure methods as to not expose the other services that others have outlined.

It is a must have for a privacy focus company and ecosystem.

I need Proton pass to use a separate master password that isn’t tied to anything else, and to unlock it every time I use it on any platform. This also makes Pass usable to store my Proton account credentials. I believe this functionality is basic and the most understandable for most users.

This is the important feature that Proton Pass must have, the additional password is absolute nonsense, we need a separate master password like EVERY other password manager has, because Pass is an absolutely top product.

Having a separate password for Proton Pass would improve user trust. Most Proton Pass users are not IT-security experts and may not fully grasp the intricacies of how the system operates. Therefore, it is important to keep things as simple as possible.

Currently, some basic principles of password security are violated:

- Never reuse passwords [1]
- Memorize as less passwords as possible to avoid the password fatigue [2]

While I am confident there is a solid rationale behind Proton's implementation choices, explaining these decisions might require delving into complex technical details. Lengthy explanations can be difficult to understand and may inadvertently reduce trust.

[1] https://proton.me/blog/creating-password-policy#Never-reuse-passwords
[2] https://proton.me/blog/password-fatigue

This two passwords policy makes proton pass useless.

I've being using other password manager for a long time and I'm testing proton pass, but I'm afraid that I can't use it.

The point of a password manager is to remember only a master password but you can't do this with proton pass unless you make match the proton account password and the proton pass second password, what seems insecure for me.

.

I am so confused

I want something separate from my regular Proton account. I want my password manager to store my email account password. Memorize one password that isn’t tied to anything else

I want segregated security between my password manager and my other services to:
1. reduce the frequency of use of my password manager password (every use of my password is an increased security threat).
2. decouple access to high-risk services (eg. email/calendar) from extreme-risk services (password manager).
3. allow me to disable 2FA on only my password manager as they are not suited to having 2FA enabled (chicken and egg problem).
For example, a traveling backpacker may want to check his emails at an internet café. He could use his ‘open everything’ Proton password to access his email with no 2FA (as this would require 2FA on his Pass account too) with a high risk of local security threats (eg. keylogger). Or he could open his password manager on his phone with his Proton Pass password and no 2FA, and then log into the café computer with his Proton email only password and 2FA. This second option keeps his Proton Pass password off the café computer and protects his Mail account from keyloggers using 2FA. Additionally, his risk profile is limited to only his email account.

I dislike Proton’s current implementation because:
• using one password across all Proton service is analogous to re-using the same password across multiple websites.
• having multiple passwords to access Proton Pass negates the use of a password manager – a password manager should minimise the number of passwords that need remembering.

I would recommend a tiered password system – Proton Pass password (master) can access all Proton services. Proton Mail/Calendar/Drive Password(s) can only access the services they are registered to (this may be one password for all services or different passwords for each service). I believe this would be possible with Proton’s current architecture (with or without requiring the passwords to be stored in the password manager).

Another feature could be a login via QR code when the user scans a QR code on the computer he wants to login to, and his phone negotiates the authentication (eg. Netflix’s login system on smart TVs). But, I am not sure if this is technically possible, or practical (as a user may not always have network connectivity on their phone).

Best luck with this new feature.

I do not want an extra password just its own password.

I do not want an "extra password." I was a single unique password for Proton Pass.

Proton has been doing a great job with Pass, but I have my Proton login info on my password manager. I can't access the login info to sign in if I have to sign in to get the login info. I would appreciate the ability login with just the "extra password" and not have to login first.

This is the only thing holding me back from switch over from Bitwarden and I can't understand how such a critical feature wasn't there from the get go.

(Off topic, but it's very annoying that I had to sign up to User Voice for this...)

This is a very important feature for me. I would want to only memorize a very secure password for Proton Pass and have all the other service's passwords in Proton Pass, including the one for other Proton services like Proton Mail, as any other standard password manager out there. Doing it this way would also allow me to use the integrated TOTP authenticator of Proton Pass for my Proton Mail, instead of using a third-party authenticator _only_ for my Proton Account (having all other TOTP accounts codes in Proton Pass). Right now, I have to use two passwords managers, one _only_ for accessing my Proton Account (and in turn Proton Pass) and Proton Pass itself for accessing all the other accounts I have. This is an issue that needs to be fixed and the day that is implemented I will migrate fully to Proton Pass (and I will ditch the other password manager and TOTP app). I am looking forward for this to be done.

So glad we have to vote again since they don't understand and implemented something that's not what was wanted. This needs to be added before I consider switching to Proton Pass.

While Proton has made commendable efforts in developing ProtonPass, the extra password solves nothing, and the current design prevents it from serving its purpose as a password manager. The requirement to use the same password as other Proton products significantly reduces its utility and security benefits. Many users have expressed frustration with this constraint, as it essentially means they still need a separate password manager. For a company that prides itself on security and privacy, this approach is difficult to understand. The current implementation falls short of expectations, especially considering the caliber of talent at Proton... CERN, MITm caltech,Harvad, PhD´s etc. It would be beneficial for Proton to carefully consider user feedback and reevaluate their design choices for ProtonPass. A more flexible and secure solution that allows for a separate master password would greatly enhance ProtonPass's functionality and appeal. This change is necessary for ProtonPass to fulfill its intended role as a comprehensive password manager and align more closely with Proton's reputation for robust security measures. I am very disappointed to say the least, to see such a solution from a company like Proton, its hard to comprehend, and I am having difficulties to recommend Proton in general to anyone at the moment. ProtonPass is with its current design totally useless.

Just one password, and different from the email account. Only this method is consistent.

Implementing this feature is the ONLY way I'll switch from my current password manager.