I don't have a paid ProtonVPN but I just downloaded the VPN on a free account and it only has 3 options on it:
Secure Core on/off (only select servers in privacy-friendly countries)
Netshield (DNS adblocking etc)
Killswitch
As discussed in the January update, Android will require more work as we are rewriting more of the application, with a big focus on performance and stability. This means some Android features you have requested for Mail are not in our immediate scope for delivery. In particular, conversation view (also known as threading view) won’t make it into the first version of the new Android app, but we hope to deliver it soon after release.
I was in the beta of it, didn't use it though as I am on 1Password.
For me it's important that I have a desktop application. I don't want to open my fcking web browser anytime I need a password or want to edit some credentials.
And they simply don't have one. I gave it as feedback and they say it's on their roadmap. I said they should take 1Password's desktop as inspiration as it works so fcking good; I really love that floating quick search that you can summon with a keycombo.
I probably would anyway. It was just in case Proton had come up with some killer feature or security measure that would blow everything else out of the water.
Great that it has an email alias feature built in. But I use 1Password and to me it's been so great that it'd be really hard to convince me switching to something else.
Bitwarden supports AnonAddy, DuckDuckGo, Fastmail, Firefox Relay, and SimpleLogin. I use it with my paid SimpleLogin account using the SimpleLogin default email domain (configurable in your settings - can be a SL-owned domain or your own).
I'm guessing ProtonPass just uses SimpleLogin on the backend since SimpleLogin is owned by Proton. I don't think there's really much difference unless you count 1-party being an advantage instead of 2-party.
Edit: O there is a difference in cost - not sure if this is what you meant. Bitwarden+SL will cost more (assuming introductory $1/month pricing on ProtonPass)
It's great that Bitwarden integrates with other services. It's just very convenient to have it completely built in, especially for inexperienced users. You don't need to do any setup, and if the password manager is smart enough to suggest using an alias automatically when a registration requires an email address, it's a no-brainer.
Been using Bitwarden for a few years now, but this one looks tempting. I suppose it has better UI and integrated 2FA sounds nice. Also I’m already a Proton Mail subscriber, so it could be nice addition to the ecosystem.
If they're going to try to compete with Bitwarden they could at least offer 2FA for free instead of paywalling it as a feature. It was disappointing when Bitwarden did it, and it's even more disappointing with Proton - it's like failing an open book test.
It's mainly a difference in threat model. 2FA within a password manager is still 2FA for concerns of a website login being hacked by remote adversaries, which is the most important problem to solve.
If you use 2FA within your password manager, you should still lock that outer-most password vault with 2FA from a separate device (like you said), which solves your password vault being hacked by remote adversaries. Optionally, you can then use aggressive idle-locking of your vault on your personal devices, in case they're stolen physically.
I’m all for open source alternatives to bitwarden but this is non competitive with a mandatory subscription fee. Bitwarden is completely free for most users.
I thought the same thing but it actually does have a limited free plan. Seems like, similar to BW, it restricts 2FA behind the pass, but also with the pass you get unlimited hide-my-email aliases, multiple vaults to organize in (I don't know what this means), and eventually autofill credit cards.
This is quite a bit more expensive than BW's paid plan though. Not sure what all differences it has to BW otherwise.
I don't think using the same credentials for an email service and a password manager is a good idea, regardless of how much I like Proton and what they stand for.
But to add to that as well: If the site has stored your password insecurely, they will probably have lost your 2FA secret too. Which even has to be stored in 'plain text' in contrast to your password.
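The point above about the 2FA secret being stored in recoverable form, as an added example that is not part of the thread: a minimal RFC 6238 verifier next to a salted password hash. The record layout, function names and PBKDF2 work factor are assumptions; the secret used in the demo is the published RFC 6238 test value.

```python
"""Added example: what a site must store to verify a password vs. a TOTP code."""
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000  # assumption: an illustrative work factor, not from the thread


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): both sides derive the code from the same secret."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash; the server never needs the password itself again."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enroll(password: str, totp_secret: bytes) -> dict:
    """Build the (hypothetical) server-side record for one account."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),  # one-way: not reversible
        "totp_secret": totp_secret,                # must be readable to compute the HMAC
    }


def verify_login(record: dict, password: str, code: str, now: int) -> bool:
    """Check both factors; the TOTP check needs the raw secret from the record."""
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"]
    )
    # Accept the previous, current and next 30 s step to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(totp(record["totp_secret"], now + drift), code)
        for drift in (-30, 0, 30)
    )
    return pw_ok and code_ok


def derivable_from_record(record: dict, now: int) -> dict:
    """What the stored record alone yields without any guessing."""
    return {
        "totp_code": totp(record["totp_secret"], now),  # direct computation
        "password": None,  # only reachable by offline guessing against pw_hash
    }


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret (constructed input)
    rec = enroll("correct horse battery staple", secret)
    print("login ok:", verify_login(rec, "correct horse battery staple", totp(secret, 59), 59))
    print("from record alone:", derivable_from_record(rec, 59))
```

A site can narrow this gap by encrypting `totp_secret` at rest with a key kept outside the database, so that a database-only leak does not expose it.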
I think 2fa-in-your-password-manager is slightly better than not using it, since it requires that the attacker have access to your password vault, so it still protects against cases where just your password leaked somehow, but yeah, definitely not as good as full 2fa.
As per the video they released https://youtu.be/M8doASpFbuk it allows you to immediately enter the 2FA account.. oh man. as @noodlejetski said, this very much negates the whole point of 2FA.
I really like protonmail and have been a paying user for years now. But nothing beyond calendar and mail has really made a lot of sense to me so far. I'll stick to my Keepass container, syncing that across my devices. It's easy to manage and I don't need to trust anyone else with that data ever in no way, shape or form.
Not fully accurate. The 2FA still prevents issues such as credential stuffing or bruteforcing, which might not depend on you. Of course, these risks are very limited if you use random unique passwords (as it makes sense since you are using a password manager).
Also 2FA is anyway there for the password manager, and if you have a session on, chances are the same applies for the target app (for example, your email). So it's not completely useless.
This said, I agree with the general principle. I personally use yubikeys where I can, including to store the TOTP codes (I never liked the phone to be 2FA device that much...)
Yeah, that's what I said one line after. However there are also other corner cases (very unlikely) such as shoulder diving or a video recording, or people simply not using random unique passwords (for example because they chose the password before and they don't want to rotate it). In general I agree with the principle that is not 2FA if it's all in one place, but it's also quite a corner case that the password manager is pwned alone (i.e., and not the target services), and in any case it's not like not having 2FA at all.
Tempting. I've been using Bitwarden for awhile now and it's been fantastic. I am not sure I need to switch.
Same. I'll continue to use Bitwarden. I think it's good to have other open-source options out there, though. Proton Pass is definitely prettier and will appeal to some people that care more about the aesthetics.
continues to use Bitwarden also.
I bought it at $1 a month because it basically includes simplelogin for free. Which is normally $30 a year or more. The catch is you can only create simplelogin aliases via the password manager extension only.
I have signed up for pass but simple login still shows only 10 aliases. Should I be getting unlimited?
Do not switch yet. Proton Pass offers nothing beyond Bitwarden, it's immature and hasn't been audited.
I have no experience with bitwarden, but I already have a paid mail with proton and that makes this password manager free, and I kinda lost faith in my previous manager LastPass after last year.
So far, at the least the interface of proton pass is miles ahead of lastpass.
I'm not sure how to double check their claims, but they do say on their page:
"Proton Pass has passed rigorous independent security audits"
It's not available yet, but audit should probably end up here later: https://proton.me/community/open-source
Same boat, like supporting proton, but hard to justify switching from a self-hostable option that's working great.
I’m a faithful Bitwarden user. No need to switch
The only thing keeping me from switching to Bitwarden from Enpass is that it's a lot more convenient having two separate fields for Username and Email. I want to be able to have both saved without creating a new field each time.
I wish that proton would focus on the depth of their present stack, as opposed to breadth.
I've been begging for rclone support for proton drive for a long time now.. without it, I basically have 1tb sitting there useless.
Same thoughts here. ProtonVPN under Linux is very poorly supported.
Just out of curiosity. How is it poorly supported?
I haven't used it much yet, but the times I have it seems to have worked fine.
IIRC it's missing a number of features that ProtonVPN Windows has. I last checked into it a year or so ago and the attitude was that it was a very shoddy application missing most features. I found this github issue expressing this sentiment but I don't see much in terms of specifics.
I don't have a paid ProtonVPN but I just downloaded the VPN on a free account and it only has 3 options on it:
I use Mullvad so I opened that up alongside and will list out the features it has on its Linux client in comparison:
The main ones for me are split tunneling and Wireguard. Using a VPN that doesn't support these is a non-starter for me, unfortunately. If any of this is different when you have a paid ProtonVPN account let me know - I don't have very much experience with it.
TBH, if protonVPN under linux was any good I would probably have Proton Unlimited. I can't justify paying for Mullvad and Proton Unlimited, so I DIY my own collection of services to match functionality for about the same price.
I just had a look and as far as I can tell ProtonVPN supports everything Mullvad does. On windows...
On linux you get fuckall settings. No split tunneling, no dns, no wireguard, no nothing. There seems to be no parity between linux and windows. That is less than poorly supported, it's atrocious tbh.
On windows you even get a fancy map with triangles that shows server locations that can be used to quick connect.
And this is with an unlimited account so I don't believe it's an account level limit.
Edit: I just looked and to be fair they do state in the plan features that Split tunneling is only available on Android and Windows
That's crazy. Proton just not giving a fuck about Linux is a red flag for a privacy company.
At the very least it's super weird.
I don't get why they don't focus on creating parity and add the bare minimum functions like sync for drive and split tunnel for vpn on all devices before spreading out to password managers and so on.
I'm slowly losing confidence in them.
Thanks for the in depth answer.
I think a paid account has more features, but I of course don't know if they apply to the linux client.
I'll check the features once I get on my pc and get back to you.
I might even spin up a windows VM to check the differences between the versions if I can find the time.
Yeah, it sucks. It is also based on Python and not as stable as Mullvad.
Missing lots of features. Proton does not prioritize Linux at all
It's horrible. I've had to hack together a shell script to switch between countries using a bunch of openvpn config files. The official app broke my Linux Mint network setup.
Wish I could up vote that 100 times!
This was an acquisition (SimpleLogin) then having the acquired developers work on Proton Pass.
It still took up some resources but it's not like they took all their developers off the other projects.
I'd like separate address inbox support for my proton mail web client
I think that's fine, actually. How many services move at an insane speed nowadays, and break as much as they fix? As long as they have the features I need, I can live with slower updates. And if they don't have all the features I need I am not ready to migrate yet anyways.
I agree. Especially since tons of password managers exist on the market and in many forms. I would rather prefer that they improve Proton Drive and Proton Calendar, that are to me much more complementary to Proton Mail.
This is exactly my sentiment. I had an account with two mail users, custom domain, one VPN connection, etc. for a couple of years. It was nice but while ProtonMail is one of their most mature products, it still feels quite lacking compared to other offerings. And with every other product they have, things feel less and less thorough. I support their efforts, but don't really want to pay for the way they're doing it. I still keep an eye out though, because I think it has a lot of potential.
I'll prob stay paying, as their integration with simplelogin is very convenient. What services do you use in place of proton that feels more mature?
Unfortunately, I went back to less privacy-focused platforms. My wife and I rely heavily on shared calendars, reminders, tasks, desktop drive clients, and other groupware functionality. So we're back with those Google bastards for now.
Like I said I really like the general concepts of Proton and was a paying user for over a year, but eventually we just had to move back to Google because of the lack of features.
If their offerings become more mature, then we'll absolutely be looking at coming back!
Have you tried Skiff? It will be listed on PG soon, and ticks all the boxes.
I have not, but I will! Thanks!
+1 for skiff
I'm pretty sure the app is great, but I am not a fan of putting all my eggs in the same basket. I will keep using Bitwarden for the time being.
Same here. I'm fine using Proton for my mail & drive, but I also like keeping my passwords separate in bitwarden, and my 2fa separate in my raivo. A healthy separation is good.
Yeah I'm quite tempted to get on board with Proton as they could replace Tutanota, Bitwarden, Nord VPN and One Drive/Google Drive for me. Seems convenient and privacy focused but obviously all my eggs in one basket seems like something I might come to regret.
At the end of the day, they may be the safest privacy-focused company out there, but they still own my data. Never trust anyone.
Hey, a fellow tutanota user?
Same for me. I use protonmail and used protonvpn for a while, but putting all my eggs in the same basket... I will keep using other providers for my other stuff.
Any strong reasons to switch from KeePassXC?
Probably not.
KeepassXC with Syncthing is the best option I've found.
Just wish KeepassXC supported Bitwarden export. Tried that earlier this week and it was no good. So staying on Bitwarden. I did install Proton Pass and tried it out. It is not as intrusive as Bitwarden on Android for permissions. Staying on Bitwarden for now . . . I hate passwords . . .
Proton Pass does do a BitWarden import so I will probably run with that for awhile.
Bitwarden export is also pretty limited
I've been making the switch from KeePass / Keeweb to Bitwarden and it went pretty well with the export as far as I remember, what went wrong for you?
Export was JSON, KeePassXC supports CSV so converted to CSV but the import seemed scrambled. Just didn't work well. I see there is an issue on bitwarden import but isn't ready yet for KeePassXC
Use export as XML instead, I just tried it and it works well for me : fields are consistent so far and my folders went through.
oh? Nice! Will give that a try this weekend!
Probably none, if you're fine with KeePass. Personally I don't want to use anything that's hosted on someone else's server. It's a bit more inconvenient to use the local files of KeePass only, but I'd rather feel a bit safer with that, even if by all account BitWarden/Proton Pass would be fine.
I like Bitwarden because it's reliable, secure, feature-rich, and incredibly reasonably priced. But also, if they ever do something that crosses the line, I can spin up a Vaultwarden on a VPS and move my vault in an hour or two.
It's the same reason I host a dumb blog on WordPress owned infrastructure. I support FOSS companies, and like the ejector button freedom.
I would say the sync feature as it may be more convenient on iOS etc
Proton is starting to lose focus in my opinion. I've been a customer for 5 years only using email and I moved this year to fastmail and I couldn't be happier. Unlimited email aliases, good apps, ability to use thunderbird without a self hosted bridge.
The promise of an encrypted email does not work if your contacts are not on proton too (for me was 100% of my contacts).
If you are really focused on privacy you would choose nextcloud for cloud for example and KeePass or Bitwarden for password managers.
I would like them to focus on email client features and stop these side hustles.
Proton's whole reason to exist is to provide privacy, not email client features.
I hear what you're saying but Nextcloud is definitely not a viable option for reliable backups. Wayyyy too buggy to trust
I can not be, nextcloud was just an example. I have never had an issue with nextcloud backups
Certainly way too buggy if you're selfhosting. At least that was my experience. And if you're not, the privacy component really goes away.
Fortunately, I don't have the same experiences as you. I mean, sure, I've encountered bugs in the Android app, but I've never lost any files with my selfhosted Nextcloud server.
Setting up the Nextcloud server and optimizing it was quite a big hassle for me (took an entire afternoon), but after it was all done, I was pretty happy with it.
No, the web UI is quite slow and that probably won't change, but the caldav server and the Windows Desktop app work perfect. The automatic upload of media on my (Android) phone has no issues at all.
In my experience, the most issues are with the web UI due to its bad performance, but besides that, it works perfectly.
I've had issues with updates. Maybe I should give it another look.
Nextcloud in the cloud works fine with KeepassXC
Thought this was about Valve's Wine fork and was very confused 😅
Has anyone tried it yet? Two downsides for me:
It's also more expensive than Bitwarden even at €1/mth
"no desktop app" One can use the iPad App on Mac with m1, tho sure not optimised for desktop.
"No safari extension" They announce it on their download page, so it should be available later.
This company is a love hate relationship.
They make good products, but they promise release dates over and over again, and miss them by 2+ years.
They also fuck people over by releasing apps to only their visionary memberships. Like okay. Guess my $150/month doesn't mean shit because I'm not visionary? Glad to wait 8 months for the beta to trickle down to me..
Still waiting on the ProtonMail Android app to be remade, and ProtonDrive Windows desktop app.
Edit: wait, I need a business plan to use this? What?
Ya, I'll stick to my $1.30 CAD per month for BitWarden over the $6 for this.
I feel their business side is run by morons. I tried to setup a small business with them, and gave up when I couldn't wrestle a price out of their sales folks after two weeks of back and forth emails.
How come you are paying 150$/month? Haven't you meant 150$/year?
The protonmail app seems good to me on Android?
It's missing so much that iOS has. They've said they are releasing a rewritten app, but keep delaying it.
For example, there's no threaded email support on Android.
https://proton.me/blog/2022-roadmap
True, no threads. I didn't notice cause for threads I usually used the website on my laptop
Me too, I love all of their Android apps personally.
YMMV based on the phone though.
The inbox is constantly showing loading for me. If I get a notification, I can tap that and view that specific email, but I can never view the whole inbox. It has been this way for me for months.
Why do you need the paid subscription? I thought it was for businesses, organizations etc.
Paid plan adds really basic features other password managers offer for free. Like auto copying of 2FA codes.
Wouldn't be bad if I could just pay for it. The fact they are requiring me to upgrade to a different tier to do it is ridiculous. This model should be shunned hard.
I shouldn't have to upgrade to an entirely different tier to unlock access to a different Proton service. I should be able to just subscribe to it. Especially since Proton has removed previous tiers in the past, so who's to say if I no longer want Proton Pass that I can downgrade back to my previous tier?
Like ya, the business tier offers Pass Plus, Drive Plus, and VPN Plus, all of which I do not care about nor do I want. Stop bundling it together. Sell me Pass Plus separately.
Terrible, terrible system. I am honestly over the way they manage their company, and I really think about leaving their services for good. I'm sure when they release Proton Notes it'll be in beta for visionary customers for 3 years before trickling down to us plebs that only pay $150/month and even then it'll only be available on their business plan.
EDIT: actually it seems like they only offer 2FA on their paid plan in general.
EDIT 2: for those wondering, I have a mail essentials business plan customized to allow a bunch of custom domains. The fact I pay SO much just to have a handful of custom domains, but the rest of my account essentially gets the same features as a FREE Proton account is insane. I'd love to pay less and remove Proton VPN, since I literally never use it, as Mullvad is better and cheaper.
Why am I paying so much, but I am treated like a free user?
Unless I just miss it: it's not self-hostable, right? So it's open source but currently requires their infrastructure to be usable?
Correct. It's not self-hostable.
Open source client only.
Yeah, pretty much. Proton wants you to pay, so no self hosting options for their services.
I advise anyone against switching for now, especially if you're using KeePass or Bitwarden. Proton Pass has just been released, meaning it is not audited and it's immature. I would not trust it with my passwords just yet.
Proton Pass has already been audited by Cure53.
It's also been in an invite beta for a few months, so they would have had time to sort out major bugs and security flaws.
I think these will either become obsolete or become passkey based, presumably the latter.
Why?
Goodbye LastPass (I'm aware I should have migrated already but I was holding out for this)
Oh my god you're still on Lastpass? RUN!
Not as of last night!
The most important step a man can take. It's not the first one, is it? It's the next one. Always the next step.
@protonmail Proton claims to be a privacy-oriented company, and yet their email app doesn't show push notifications without Google Play Services, which means you will either have to use Google Play Services or live without push notifications (if you are using a degoogled phone). If the Tutanota app can show push notifications without Google Play Services, it is definitely possible. What a joke!!
@SoulKeeper While we rely on Google Play Store services for push notifications, they are end-to-end encrypted. To stay private when using Proton Mail on an Android phone, we recommend trying some of these tips: https://proton.me/blog/android-privacy .
We are also working on a complete rewrite of our Android app, which will allow for the improved functionalities and features to be added.
Wait what I have no google services and I get all the notifications. I do have microG of course...
I don't think that's true.
I get push notifications on my degoogled phone.
With a background service, yes.
https://github.com/AgoraDesk-LocalMonero/agoradesk-app-foss/blob/main/Notifications.md
I was in the beta of it, didn't use it though as I am on 1Password.
For me it's important that I have a desktop application. I don't want to open my fcking web browser anytime I need a password or want to edit some credentials.
And they simply don't have one. I gave it as feedback and they say it's on their roadmap. I said they should take 1Password's desktop app as inspiration as it works so fcking good; I really love that floating quick search that you can summon with a key combo.
Interesting. I only require passwords in my browser.
This is how I feel as well. The 1password desktop app is just too good to let go.
Only issue I face here on Linux is that the app crashes when I send my PC to sleep.
Have to restart every time I wake it up, therefore have to enter my password every time... bummer
Lack of desktop app is indeed a bummer
And as long as it's not there, I am sticking to 1Password.
I agree, I really hope they will release it ASAP and not try to avoid it like Passbolt is doing.
Awesome! How does it compare to BitWarden?
It doesn't have feature parity (yet?). If you're happy with Bitwarden, I'd stick with it.
I probably would anyway. It was just in case Proton had come up with some killer feature or security measure that would blow everything else out of the water.
Yep, for now many features simply do not exist (like folders...), but it works for daily usage (except the desktop app haha).
I'm also using Bitwarden and now trying Proton Pass as I'm already a user of Proton VPN etc... I also hope they release the app for desktop soon.
Is it open source though?
Here you go :)
https://github.com/ProtonPass
It's advertised as open source
Great that it has an email alias feature built in. But I use 1Password and to me it's been so great that it'd be really hard to convince me switching to something else.
For the record, Bitwarden also has email aliasing built-in when generating a username:
Yeah, but with Proton, the email service is built-in, while BitWarden relies on an external service (say a domain you use for catch-all).
Bitwarden supports AnonAddy, DuckDuckGo, Fastmail, Firefox Relay, and SimpleLogin. I use it with my paid SimpleLogin account using the SimpleLogin default email domain (configurable in your settings - can be a SL-owned domain or your own).
I'm guessing ProtonPass just uses SimpleLogin on the backend since SimpleLogin is owned by Proton. I don't think there's really much difference unless you count 1-party being an advantage instead of 2-party.
Edit: Oh, there is a difference in cost - not sure if this is what you meant. Bitwarden+SL will cost more (assuming introductory $1/month pricing on ProtonPass)
It's great that Bitwarden integrates with other services. It's just very convenient to have it completely built in, especially for inexperienced users. You don't need to do any setup, and if the password manager is smart enough to suggest using an alias automatically when a registration requires an email address, it's a no-brainer.
How many inexperienced users are using a password manager with an email aliasing service?
I don't know, but there's no denying that it's more convenient. Whether you see that as a relevant advantage is up to you.
Been using Bitwarden for a few years now, but this one looks tempting. I suppose it has better UI and integrated 2FA sounds nice. Also I’m already a Proton Mail subscriber, so it could be nice addition to the ecosystem.
BitWarden has integrated 2FA.
Oh right, my bad
I tried it and it's pretty cool and polished, but Bitwarden is WAY better in every possible way.
I agree with you there, KeePassXC is definitely the superior choice.
If they're going to try to compete with Bitwarden they could at least offer 2FA for free instead of paywalling it as a feature. It was disappointing when Bitwarden did it, and it's even more disappointing with Proton - it's like failing an open book test.
It's mainly a difference in threat model. 2FA within a password manager is still 2FA for concerns of a website login being hacked by remote adversaries, which is the most important problem to solve.
If you use 2FA within your password manager, you should still lock that outer-most password vault with 2FA from a separate device (like you said), which solves your password vault being hacked by remote adversaries. Optionally, you can then use aggressive idle-locking of your vault on your personal devices, in case they're stolen physically.
2FA is a paid feature!
That's true "don't put all of your eggs in one basket"
2FA through your password manager is not 2FA.
I’m all for open source alternatives to bitwarden but this is non competitive with a mandatory subscription fee. Bitwarden is completely free for most users.
I thought the same thing but it actually does have a limited free plan. Seems like, similar to BW, it restricts 2FA behind the pass, but also with the pass you get unlimited hide-my-email aliases, multiple vaults to organize in (I don't know what this means), and eventually autofill credit cards.
This is quite a bit more expensive than BW's paid plan though. Not sure what all differences it has to BW otherwise.
The email protection is nice, but one of my mails is already full of spam, so I don't care any more and just use that when I don't trust..
I think you log in with your proton account, that supports yubikeys for 2fa
I don't think using the same credentials for an email service and a password manager is a good idea, regardless of how much I like Proton and what they stand for.
What does 2FA authenticator mean? Is it a vault to store your 2FA seeds?
yeah, although using a password manager as a 2FA provider sort of negates the "2F" part.
Depends. I use 1Password and let it store all my 2FA, because my 1Password login is secured with another 2FA.
Yo dawg
Now imagine I would use a third 2FA app to store the second 2FA.
I disagree. 2FA also protects against a breach/leak of the site. If your password is leaked or stored insecurely, then the 2FA still helps.
But to add to that as well: If the site has stored your password insecurely, they will probably have lost your 2FA secret too. Which even has to be stored in 'plain text' in contrast to your password.
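What the comment above describes, as an added example (not code from the thread or from any product discussed here): a constructed `Site` record keeps the password only as a PBKDF2 hash, but has to keep the TOTP seed in recoverable form because RFC 6238 verification recomputes the code from the seed. All names are hypothetical and the seed is the RFC 6238 test key.

```python
import hashlib, hmac, os, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Site:
    """Constructed server-side account record (illustrative only)."""
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)  # one-way: enough to verify
        self.totp_secret = totp_secret  # must stay recoverable to recompute codes

    def login(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Accept the previous, current and next 30 s window for clock drift.
        code_ok = any(
            hmac.compare_digest(totp(self.totp_secret, now + drift * 30), code)
            for drift in (-1, 0, 1)
        )
        return pw_ok and code_ok

def leaked_record(site: Site) -> dict:
    """What a database dump of this record would contain."""
    return {"salt": site.salt, "pw_hash": site.pw_hash,
            "totp_secret": site.totp_secret}

def code_from_leak(record: dict, now: int) -> str:
    """The leaked seed yields valid codes directly; the hash does not yield the password."""
    return totp(record["totp_secret"], now)

if __name__ == "__main__":
    site = Site("correct horse", b"12345678901234567890")
    dump = leaked_record(site)
    print("code derived from dump:", code_from_leak(dump, 59))
    print("dump contains plaintext password:", b"correct horse" in dump["pw_hash"])
```

Sites that encrypt the seed at rest with a key held outside the database narrow this exposure, but the verifier still needs the plaintext seed at login time.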
I think 2fa-in-your-password-manager is slightly better than not using it, since it requires that the attacker have access to your password vault, so it still protects against cases where just your password leaked somehow, but yeah, definitely not as good as full 2fa.
As per the video they released https://youtu.be/M8doASpFbuk it allows you to immediately enter the 2FA account.. oh man. as @noodlejetski said, this very much negates the whole point of 2FA.
I really like protonmail and have been a paying user for years now. But nothing beyond calendar and mail has really made a lot of sense to me so far. I'll stick to my Keepass container, syncing that across my devices. It's easy to manage and I don't need to trust anyone else with that data ever in no way, shape or form.
Not fully accurate. The 2FA still prevents issues such as credential stuffing or bruteforcing, which might not depend on you. Of course, these risks are very limited if you use random unique passwords (as makes sense since you are using a password manager).
Also 2FA is anyway there for the password manager, and if you have a session on, chances are the same applies for the target app (for example, your email). So it's not completely useless.
This said, I agree with the general principle. I personally use yubikeys where I can, including to store the TOTP codes (I never liked the phone to be 2FA device that much...)
Yeah, that's what I said one line after. However there are also other corner cases (very unlikely) such as shoulder diving or a video recording, or people simply not using random unique passwords (for example because they chose the password before and they don't want to rotate it). In general I agree with the principle that it's not 2FA if it's all in one place, but it's also quite a corner case that the password manager is pwned alone (i.e., and not the target services), and in any case it's not like not having 2FA at all.
I'd say to be wary, the huge benefit of Bitwarden and 1Password is how they've been independently audited and approved for use.
Protonpass has not as of yet, it's way too early to jump ship and put so much at risk
The marketing around protonpass was also a little scummy
I like my data like my social medias: Federated (in a sense) and open-source.
Bitwarden for passwords and secure notes.
Proton for other data like VPN, Mail, cloud Drive, and Calendar.
Not too much federation or it becomes a security concern as well. Requires more trust.
Also I love that I'm seeing this content frontpage here. Never even saw this on Reddit.
Edit: Here is a link for a free month of ProtonMail Plus to try out :)
https://pr.tn/ref/CZC33K0HVWGG
I like to see it! I’ll stay Bitwarden for now cause it works well (and I just went premium) but I’ll keep an eye on it.