Jump to content
  • Proton launches an end-to-end encrypted passwor

    MagicSahar

    • 463 views
    • 3 minutes
     Share


    • 463 views
    • 3 minutes

    In addition to encrypting your passwords, Proton Pass applies the same layer of security to stored usernames, notes, and web addresses.

     

    Proton, the company behind Proton Mail, has announced the launch of a new password manager: Proton Pass. While the service will eventually become free for everyone to use, it’s currently only available as a beta to Proton’s Lifetime and Visionary users for now.

     

    As is the case with Proton’s other products, Proton Pass uses end-to-end encryption (E2EE) that’s supposed to keep your personal information away from prying eyes, including third parties and Proton itself. In addition to letting you store your usernames, passwords, and notes, you can also add any randomly generated email aliases that you can use as a replacement for your real address.

     
     

    The password manager won’t have support for passkeys at launch, however. Proton spokesperson Will Moore tells The Verge that while it’s part of the company’s “long term roadmap,” it believes “passwords are not going away anytime soon as passkey adoption will not happen overnight.”

     

    Proton’s new password manager not only applies E2EE to your passwords but also the usernames, web addresses, and all the other fields associated with your login information. In a blog post explaining the service’s security model, Proton notes that “all cryptographic operations, including key generation and data encryption,” happen locally on your device, which Protons says it can’t decrypt, even if a third party requests it.

     

    This kind of “zero knowledge” security model is the same type of feature touted by other popular password managers, including 1Password and LastPass, the latter of which became the victim of a major data breach last year. After hackers stole LastPass’s source code and encrypted password vaults, security experts criticized the company’s response, with researcher Jeremi Gosney stating, “LastPass’s claim of ‘zero knowledge’ is a bald-faced lie” and that it has “about as much knowledge as a password manager can possibly get away with.”

     

    “Protecting your passwords properly requires a high level of competence with encryption and security, which few organizations have,” Proton founder Andy Yen writes in a blog post. “We’ve always been worried about the risk posed by a major password manager breach, which unfortunately became a reality with the recent hack of LastPass.”

     

    The company’s new password manager comes a little over a year after Proton acquired SimpleLogin, a tool that lets users send anonymous emails. Yen says this acquisition increased the company’s “ability to develop a new password manager without impacting efforts on other Proton services” and that it should help mitigate the risks associated with using an insecure password manager with Proton’s range of products.

     

    Proton plans on making its password manager open source once it’s released to the public and is also offering up to $10,000 in rewards for security researchers who can find vulnerabilities within Proton Pass and its other products. The password manager is currently available on desktop, Android, iOS, and as a browser extension for Brave and Google Chrome, with an extension for Firefox coming soon.

     

    https://www.theverge.com/2023/4/20/23691097/proton-end-to-end-encrypted-password-manager-e2ee


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...