Watch compromised passwords
There is no feature to detect compromised passwords, only email addresses, which is simply unuseful.
As in 1Password, it only helps me when I know which passwords are leaked and have to be changed. This is the only important information, so the darknet feature is a nice sales feature, but without a real security impact.
Please detect compromised passwords and display them.
See the 1Password features for this.
-
Jack commented
It seems intuitively like this would be a very important feature for monitoring compromised accounts, but analytically I do not understand why and I do not see an advantage of additionally monitoring for compromised account login credentials by independently monitoring for compromised passwords.
So overall, I'm not sure, but erring on the side of caution and employing the additional method of monitoring for compromised account login credentials by independently monitoring for compromised passwords to cover unknown cases seems prudent.
But all of this said, it seems how beneficial implementing this feature request would potentially be can only be determined through checking some assumptions...
So in the form of questions that come to mind, if I may ask, and maybe other users and/or Proton staff have informed answers and/or other questions:
1.) Are there cases in which an account stored in the password manager for a given website or whatever can be determined to have a known fully or partially compromised set of login credentials (i.e. both username/email and password, or only password), therefore calling for user action to change the login's password (and ideally also change the unique username/email too, and also ideally marking the issue as resolved in either case) only by directly searching for each account's password in the databases and other dark web-related places like forums used by these monitoring tools?
2.) If the answer to #1 is 'Yes', then:
If the user follows the standard security practice password managers instruct users to perform--generate a unique password and unique email address and/or unique username for each unique account--then is the answer to #1 still a 'Yes'?
3.) If the answer to #2 is 'No', then it seems that this feature request is more of a request to implement a feature accommodating using the product in a manner diverging a bit from how it is intended...so that might need to be addressed in the process of evaluating this request...and hopefully there could be sharing of the developers' and designers' considerations.
Personally, I can see cases in which the user might not be able to reasonably/practically follow to a strict extent the directed or recommended practice of generating a unique password for every account, or generating both a unique password, username, and email address for every account.
This is especially the case for logins created/updated before starting to use a password manager, and/or beginning to implement this practice, because it takes a lot of time and energy to change all of the logins to accounts, especially in the beginning.
I can understand from the developer's view, how there has to be some sort of baseline reasonably assumed or expected manner of use of the product. I just hope that if this possibility were at all relevant here, that the burden is not put on the user to such an extreme extent considering the realities of how much effort the user already has to put into switching to and adopting a new product for everyday and broad use.
But #3 may not be a consideration here if the answer to #2 is 'Yes'...
4.) Last question is related to any possible security considerations:
Is there a way of performing routine searches of the passwords of the logins stored in Proton Pass in the external sources of information that would be involved in this requested monitoring without any compromise on the level/quality of the existing data security practices in place used to protect the passwords stored in Proton Pass?
(I'm guessing it's a negligible risk in the worst case scenario, since Google passwords and 1Password are said to have this requested feature, but that's an assumption for which I have no basis)
And if some degree of compromise/risk is required, how significant is it, and can the user be informed of it with enough understanding to let them decide whether or not the benefits would outweigh the risks/costs for them, in optionally using this requested feature?
Thanks. Would be nice to hear back from Proton and/or anyone with relevant backgrounds on any or all of the above...
:)
-
Alex Hartwig commented
This will be important for end users for sure.
-
Sciencer Account commented
Even Google password manager does this. It's good to have it.
-
[Deleted User] commented
At the moment I have to export the passwords from my unlimited Proton Pass to 1Password regularly to check for compromised passwords, change them there and reimport them into Proton.