Proton launches an end-to-end encrypted passwor

[ImranQ]

In addition to encrypting your passwords, Proton Pass applies the same layer of security to stored usernames, notes, and web addresses.

Proton, the company behind Proton Mail, has

Zaloguj lub Zarejestruj się aby zobaczyć!

: Proton Pass. While the service will eventually become free for everyone to use, it’s currently only available as a beta to Proton’s Lifetime and Visionary users for now.

As is the case with Proton’s other products, Proton Pass uses end-to-end encryption (E2EE) that’s supposed to keep your personal information away from prying eyes, including third parties and Proton itself. In addition to letting you store your usernames, passwords, and notes, you can also add any randomly generated email aliases that you can use as a replacement for your real address.

The password manager won’t have support for passkeys at launch, however. Proton spokesperson Will Moore tells The Verge that while it’s part of the company’s “long term roadmap,” it believes “passwords are not going away anytime soon as passkey adoption will not happen overnight.”
Proton’s new password manager not only applies E2EE to your passwords but also the usernames, web addresses, and all the other fields associated with your login information. In

Zaloguj lub Zarejestruj się aby zobaczyć!

explaining the service’s security model, Proton notes that “all cryptographic operations, including key generation and data encryption,” happen locally on your device, which Protons says it can’t decrypt, even if a third party requests it.

This kind of “zero knowledge” security model is the same type of feature touted by other popular password managers, including

Zaloguj lub Zarejestruj się aby zobaczyć!

and

Zaloguj lub Zarejestruj się aby zobaczyć!

, the latter of which became

Zaloguj lub Zarejestruj się aby zobaczyć!

last year. After hackers stole LastPass’s source code and encrypted password vaults,

Zaloguj lub Zarejestruj się aby zobaczyć!

, with researcher

Zaloguj lub Zarejestruj się aby zobaczyć!

, “LastPass’s claim of ‘zero knowledge’ is a bald-faced lie” and that it has “about as much knowledge as a password manager can possibly get away with.”
“Protecting your passwords properly requires a high level of competence with encryption and security, which few organizations have,” Proton founder Andy Yen writes in a blog post. “We’ve always been worried about the risk posed by a major password manager breach, which unfortunately became a reality with the recent hack of LastPass.”

The company’s new password manager comes a little over a year

Zaloguj lub Zarejestruj się aby zobaczyć!

, a tool that lets users send anonymous emails. Yen says this acquisition increased the company’s “ability to develop a new password manager without impacting efforts on other Proton services” and that it should help mitigate the risks associated with using an insecure password manager with Proton’s range of products.

Proton plans on making its password manager open source once it’s released to the public and is also offering

Zaloguj lub Zarejestruj się aby zobaczyć!

for security researchers who can find vulnerabilities within Proton Pass and its other products. The password manager is currently available on desktop, Android, iOS, and as a browser extension for Brave and Google Chrome, with an extension for Firefox coming soon.

Zaloguj lub Zarejestruj się aby zobaczyć!