|
You asked, we delivered! You can now set an extra password for Proton Pass in addition to your Proton account password, allowing for better compartmentalization and peace of mind. Be sure to store your extra password securely. Rolling out now and available for everyone in the coming days: https://proton.me/support/pass-extra-password 23 comments
@Bandicoot Hi there, we shared more in a recent blog: https://proton.me/blog/docs-proton-drive @supernov @Bandicoot @protonprivacy Indeed, plus I do think it's a different product and some actually already pay for the notes app premium features. Anyway, patience I guess. :) @protonprivacy Is there a paper/discussion about how PP extra password works in detail? It seems from here that it is not another E2E layer that is protecting the Password Manager data (as said in a recent reddit post where proton offered to remove the Extra Password upon account verification). There are plans, when there is a full Extra Password reset/recovery mechanism, to turn it E2E? Thank you  @protonprivacy I believe the original request may have been for a SEPARATE password for Pass and not an additional password. Either a single password is sufficient to secure the contents of Pass or it is not sufficient. A "stand alone" password for Pass has advantages, but a second password should do nothing to enhance security and won't improve the user experience. I think you entirely missed the point of this feature request, Proton. Good try. Fail. @timepencil Anyway, I don't think you need to be condescending about it. Toxicity is not what we need if we want people using privacy software (and thus effectively voting for privacy). @timepencil @dieTasse Hi there, for those seeking a completely separate password detached from existing proton credentials, please vote here: https://protonmail.uservoice.com/forums/953584/suggestions/48633443 @protonprivacy Don't forget, Proton, to add in the other 2000+ votes for the original "Separate Password for Proton Pass" feature request made on UserVoice. You marked that requested feature as 'completed' despite it not actually being developed at all. It's true that the original feature request's wording was a little nebulous, but the user comments and votes were clearly for a SEPARATE password for accessing Proton Pass. I love your work, Proton, and you CAN do better. We know you will! @timepencil Hi there, extra password is a separate layer of authentication on top of your proton account password. An attacker who has your Proton account password would not have access to your Proton Pass account without the extra password. Let us know if that helps or if you have further concerns. @protonprivacy actually, a standalone separate password makes more sense because you want to remember one password to get into your Pass account but then store more complicated passwords within to get into all other accounts you have including the same proton account for email and others. I too was hoping for a standalone and separate password for Pass. They way you be makes it makes little sense for a realistic workflow as you only want to remember one password and not two for the same acct @delosmzp Thanks for the feedback, we'll be sure to share it with the team! For now, rest assured that your Proton account, including Proton Pass is extremely secure if you use a unique and strong password + 2FA. Those on paid plans can also enable Proton Sentinel which helps to prevent account takeovers, even when an attacker has stolen your password. @protonprivacy thank you for considering it. And I understand your logic being such an implementation but it makes less sense given the workflow we are trying to explain here with how we thought this feature addition would be implanted by you. So, I hope this is considered and is updated with what we have explained here in this thread about a separate password and not necessarily an extra password. Disappointed the Proton devs didn't understand the original request. I thought Proton was quite knowledgeable when it comes to security and sure enough needing two passwords and a pin code to get to my passwords is more secure but it's also not very user friendly. That's why originally users suggested to be able to use a different password to login to proton pass, not an extra additional login layer. What we have now makes sense and no sense at all at the same time. There is a typo in the article. Under instructions for iOS and Android, #3 - it should be “without” and not “with” unless I’m mistaken @protonprivacy That's cool and all, but please add folders. It is such a fundamental feature that I'm baffled how you even released this product without it. Every other password manager has it, and the lack of it causes a burden when importing/exporting passwords... @protonprivacy I agree with some of the other respondents here. From a security perspective you ideally want completely different login credentials for Proton Pass than the rest of the Proton suite. You should even be able to use a different username/email. Call me stupid, but what you've done now doesn't make sense at all. |
Gregory's Server
This feature is rolling out today to all Lifetime plans, followed by a staged rollout for Unlimited plans, and it will be available to everyone else over the coming days.