jb

My feedback

  1. 1,895 votes
    jb commented  · 

    I am a Proton Unlimited customer and have been for over 5 years.
    I'm on the fence about ProtonPass and do not use it today.

    One of the reasons I cannot adopt it today is because of a lack of an additional master password used to encrypt the password content separately from the rest of the content encrypted by Proton. (If the "PIN" can be a strong password and it is used to decrypt the data in a way that without the PIN the data remains encrypted using strong encryption, then I suppose that works - but then I don't think it would be called a PIN).

    Today, if my Proton account is compromised, the attacker has access to utilize my email, VPN, and calendar, but not an enumerated list of all of my online accounts with credentials for each one. They also do not have access to one-time-use passwords that many companies do not email out but tell you to take note of or write down as they will not be displayed again. These never make it into my email, but are in my password manager.

    If ProtonPass encrypted my password data with my account credentials, that would be great - but insufficient. There must be an additional layer of encryption utilizing a completely different password/credential for me to be OK with this.

    As an owner of a YubiKey, I really am not interested in yet another soft-token approach that would live on the same device that is used to access my account.

    As an aside: I do not use an email reset/recovery option with my Proton Account. If the data is inaccessible, it is gone forever - and I want it that way (I find the UI nags to set up recovery annoying as well). I also do not (and will never) utilize any recovery mechanism for my passwords in my current password manager (KeePassXC).

    Thanks! This probably isn't encouraging, but I think it's helpful for Proton to understand its customers' various perspectives.
