Log into Proton Pass directly with its own password (without having to log into a Proton account first)
-
Arrogance commented
I have to add that I'm using bitwarden due to this matter.
-
Mitchu commented
Unless Proton implements this feature, I will continue using other password managers instead.
-
WoodBHermit commented
This is the main reason I have not yet switched to Proton Pass as my password manager.
Proton Pass must have a separate/unique password for manager access like the master password in LastPass and comparable software. This password must be different from the primary password used to access all the other Proton apps.
A second extra password for additional security does not address this crucial issue. I think there may have been a misunderstanding when this new feature was first requested: "separate/unique" incorrectly became "extra" for additional security.
Considering all the security issues that LastPass has had in recent years, at least they did get the idea of having a unique/separate (not extra) master password for password manager access correct from the very beginning.
-
Ville Salmela commented
Going with the easy route and implementing the extra password instead of this, was a bad design choice. It’s usually more expensive to alter a system afterwards… this now requires not only a new implementation, but also a migration between two authentication systems.
It’s sad, this lack of forethought.
-
CoreCat commented
As someone who uses an easier password (but still secure obviously) for my password vault, which stores a much stronger password for my proton account. I'd love to be able to use a separate master password
-
mikeysax commented
We need a way to have a different password for Proton Pass as to not expose the other Proton services, at a minimum.
This way, I don't have to worry if my proton email, drive, or calendar, etc, get exposed because I can modify the services individually and not compromise access to my Proton Pass account.
There are even more secure methods as to not expose the other services that others have outlined.
-
Ivan Bui commented
It is a must have for a privacy focus company and ecosystem.
-
R commented
I need Proton pass to use a separate master password that isn’t tied to anything else, and to unlock it every time I use it on any platform. This also makes Pass usable to store my Proton account credentials. I believe this functionality is basic and the most understandable for most users.
-
Markus commented
This is the important feature that Proton Pass must have, the additional password is absolute nonsense, we need a separate master password like EVERY other password manager has, because Pass is an absolutely top product.
-
Aleksandr commented
Having a separate password for Proton Pass would improve user trust. Most Proton Pass users are not IT-security experts and may not fully grasp the intricacies of how the system operates. Therefore, it is important to keep things as simple as possible.
Currently, some basic principles of password security are violated:
- Never reuse passwords [1]
- Memorize as less passwords as possible to avoid the password fatigue [2]While I am confident there is a solid rationale behind Proton's implementation choices, explaining these decisions might require delving into complex technical details. Lengthy explanations can be difficult to understand and may inadvertently reduce trust.
[1] https://proton.me/blog/creating-password-policy#Never-reuse-passwords
[2] https://proton.me/blog/password-fatigue -
Arrogance commented
This two passwords policy makes proton pass useless.
I've being using other password manager for a long time and I'm testing proton pass, but I'm afraid that I can't use it.
The point of a password manager is to remember only a master password but you can't do this with proton pass unless you make match the proton account password and the proton pass second password, what seems insecure for me.
.
-
Gloria J. Lamb-Holsom commented
I am so confused
-
Matthew commented
I want something separate from my regular Proton account. I want my password manager to store my email account password. Memorize one password that isn’t tied to anything else
-
Golliwog commented
I want segregated security between my password manager and my other services to:
1. reduce the frequency of use of my password manager password (every use of my password is an increased security threat).
2. decouple access to high-risk services (eg. email/calendar) from extreme-risk services (password manager).
3. allow me to disable 2FA on only my password manager as they are not suited to having 2FA enabled (chicken and egg problem).
For example, a traveling backpacker may want to check his emails at an internet café. He could use his ‘open everything’ Proton password to access his email with no 2FA (as this would require 2FA on his Pass account too) with a high risk of local security threats (eg. keylogger). Or he could open his password manager on his phone with his Proton Pass password and no 2FA, and then log into the café computer with his Proton email only password and 2FA. This second option keeps his Proton Pass password off the café computer and protects his Mail account from keyloggers using 2FA. Additionally, his risk profile is limited to only his email account.I dislike Proton’s current implementation because:
• using one password across all Proton service is analogous to re-using the same password across multiple websites.
• having multiple passwords to access Proton Pass negates the use of a password manager – a password manager should minimise the number of passwords that need remembering.I would recommend a tiered password system – Proton Pass password (master) can access all Proton services. Proton Mail/Calendar/Drive Password(s) can only access the services they are registered to (this may be one password for all services or different passwords for each service). I believe this would be possible with Proton’s current architecture (with or without requiring the passwords to be stored in the password manager).
Another feature could be a login via QR code when the user scans a QR code on the computer he wants to login to, and his phone negotiates the authentication (eg. Netflix’s login system on smart TVs). But, I am not sure if this is technically possible, or practical (as a user may not always have network connectivity on their phone).
Best luck with this new feature.
-
Kayla B commented
I do not want an extra password just its own password.
-
Jordan G commented
I do not want an "extra password." I was a single unique password for Proton Pass.
-
Josiah Magnusson commented
Proton has been doing a great job with Pass, but I have my Proton login info on my password manager. I can't access the login info to sign in if I have to sign in to get the login info. I would appreciate the ability login with just the "extra password" and not have to login first.
-
dewes30461@hostlace.com commented
This is the only thing holding me back from switch over from Bitwarden and I can't understand how such a critical feature wasn't there from the get go.
(Off topic, but it's very annoying that I had to sign up to User Voice for this...)
-
[Deleted User] commented
This is a very important feature for me. I would want to only memorize a very secure password for Proton Pass and have all the other service's passwords in Proton Pass, including the one for other Proton services like Proton Mail, as any other standard password manager out there. Doing it this way would also allow me to use the integrated TOTP authenticator of Proton Pass for my Proton Mail, instead of using a third-party authenticator _only_ for my Proton Account (having all other TOTP accounts codes in Proton Pass). Right now, I have to use two passwords managers, one _only_ for accessing my Proton Account (and in turn Proton Pass) and Proton Pass itself for accessing all the other accounts I have. This is an issue that needs to be fixed and the day that is implemented I will migrate fully to Proton Pass (and I will ditch the other password manager and TOTP app). I am looking forward for this to be done.
-
Bob commented
So glad we have to vote again since they don't understand and implemented something that's not what was wanted. This needs to be added before I consider switching to Proton Pass.