Anonymous
My feedback
7 results found
-
2,467 votes
Anonymous
supported this idea
·
-
50 votes
Anonymous
commented
Only allow one recovery phrase to be verified per week; don't open another way to brute force access. Yes, this is a good feature!
DO NOT ALLOW OFFLINE VERIFICATION: this means you have leaked key data by allowing a brute force attack! @Privacy101 October 30, 2025
Anonymous
supported this idea
·
-
73 votes
Anonymous
commented
Yes, there's no real reason (other than being intuitive for unsophisticated users) that the account identity must be the primary public email address.
There should be an option to set (or be assigned) a meaningless account identifier that replaces the primary email address to use at login.
Anonymous
supported this idea
·
-
428 votes
Anonymous
supported this idea
·
-
6 votes
Anonymous
commented
Yes, we need to organize items within vaults. I see vaults as contexts (at work, at home) as Proton Pass works now.
We can have personas (Proton Pass "Identity"). Call it a character in a story. We might also have a main persona ("the IRL person") as a default persona.
The persona has a name, an email address (Proton Pass "Alias"), etc.
The persona has accounts (Proton Pass "Login") on web sites that use that email address. It should be easy to group all of these together under the persona.
Or... maybe a Vault IS a persona, so every Vault has an Identity and everything inside is linked to that Identity.
Anonymous
supported this idea
·
-
1 vote
Anonymous
shared this idea
·
-
1,144 votes
Anonymous
commented
I need dark mode. I cannot use light mode due to a disability.
Anonymous
supported this idea
·
This is the key problem of having an online password manager. I need to authenticate to it in a human-compatible way but it also has to resist automated unauthorized access. I'm not going to remember an actually really strong password and I'm likely to lose or damage any physical tokens used for 2FA. How can this be resolved?
With an offline password manager, at least there is the barrier of having access to the offline password database in the first place, so the passphrase to open the password database can be human-compatible without excessive risk of unauthorized access.
Even with a hybrid model (core credentials kept offline, frequently used / less critical credentials kept in Proton Pass) I always worry when Proton Pass needs my **core Proton Account password** to access it, the same password that also opens my Proton Mail and Proton Drive etc. that are much more sensitive than what I keep in Proton Pass.
Another way of saying the above: Proton Pass requires a password that opens it, while I only store in Proton Pass much less sensitive information compared to every other Proton app that requires the same password.
At a minimum, Proton Pass needs to accept a different password than the Proton account password... but I don't think that's good enough to fully trust Proton Pass to secure all of my credentials.
Yeah I don't know haha.
Is having access to the offline password database exactly equivalent to demonstrating access to a physical token or OTP key? (where would you store the OTP key reliably while you can still generate OTPs?)