Proton Pass Review (2025): Finally Standing Tall

Excellent free plan. Open root applications. Robust email masking. 10 GB of storage. Cheap erstwhile bundled pinch Proton Unlimited. Passkey support.

Breach notifications aren’t enabled by default. Mobile app stays unlocked successful nan inheritance for a short time.

It’s singular how quickly Proton Pass has evolved. The app is simply a small complete 2 years old, and Proton has quickly moved to toggle shape Pass from a bare-bones browser hold into 1 of nan best password managers connected nan market. Major updates look to show up each period aliases two. Even arsenic I constitute this review, Proton launched an emergency entree characteristic little than 2 weeks ago.

Proton didn’t catapult to nan apical of nan password head stack solely because of caller features. It has a clear, accordant committedness to updates, mixed pinch nan champion free password head scheme I’ve seen and a robust strategy of apps you tin get for a azygous price. Proton Pass tin guidelines connected its own, but it stands moreover taller arsenic portion of Proton’s extended suite.

Perhaps nan top plus Proton Pass has is Proton itself. It’s a institution pinch a agelong history erstwhile it comes to information and privacy, and those aforesaid principles are astatine play pinch Pass, from end-to-end encryption to unfastened root applications.

What Can You Store successful Proton Pass?

Proton Pass gives you a batch of elasticity successful what you shop successful your vault, owed successful nary mini portion to nan truth that Proton gives you a ton of retention space. Every introduction supports matter fields, two-factor authentication codes, notes, and attachments. You get 10 GB of retention pinch a paid plan, but Proton shares your retention abstraction crossed your Proton account. With nan Unlimited plan, you person 500 GB of storage.

Broadly, location are 5 categories of entries: logins (including passkeys), aliases, in installments cards, notes, and identities. Proton has respective different starting points to take from, including everything from aesculapian records to API credentials, aliases you tin commencement from scratch and adhd fields arsenic you spot fit.

Regardless of whether you take 1 of Proton’s starting points aliases commencement an introduction from scratch, everything that falls extracurricular of those 5 main categories is considered a “custom item," which tin make statement a small tricky. I resorted to utilizing vaults arsenic my main method of organization. Proton caps nan number of vaults you tin create astatine 50, but I can’t ideate a business wherever you’d request much than that. Unfortunately, free users person entree to conscionable 2 vaults. With unlimited logins and cross-device sync, location had to beryllium a drawback location connected nan free plan.

You tin rename your vaults, but you tin besides delegate them 1 of a fewer twelve icons, arsenic good arsenic take from a fistful of colour presets. It’s a mini addition, but a small color-coding goes a agelong measurement successful uncovering what you request astatine a glance.

Beyond logins, you tin besides make and shop email aliases, akin to NordPass. It’s a modular feature, moreover if you don't subscribe. Free users are capped astatine 10 aliases, while paying users tin create arsenic galore arsenic they want.

It’s not conscionable a clone email tied to a existent one. You tin group up aliases for illustration that, but Proton allows you to guardant emails to aggregate addresses, create catch-all addresses, and moreover reply straight from nan web app. I admit nan activity log most, though. Proton automatically creates contacts for everyone who interacts pinch your alias, and you tin artifact spammy addresses without ever opening your email client.

No Desktop App

Proton Pass was primitively disposable only arsenic a browser extension, but it now has apps for Windows, macOS, and moreover Linux, arsenic agelong arsenic you’re connected a Fedora- aliases Debian-based distribution. I chiefly utilized Pass successful nan browser, not only because it’s convenient but besides because nan hold is disposable connected conscionable astir everything—Chromium-based browsers person access, and location are abstracted extensions for Firefox, Safari, and Brave.

The browser app has everything you need, and it useful a dainty erstwhile it comes to password seizure and autofill. Proton occasionally asked maine to prevention a password a 2nd clip aft initially dismissing a seizure notification. But extracurricular of that mini hiccup, I ne'er encountered an rumor pinch autofill for forms, logins, aliases in installments cards.

Inside nan app, you person a fewer features that aren’t disposable done nan extension. The cardinal characteristic is Pass Monitor, which is Proton’s information watchdog feature. It’ll show you anemic passwords, accounts wherever you tin alteration 2FA, and critically, accounts that person been victims of a information breach. If you want to spell further, you tin turn connected Proton Sentinel, arsenic well.

Pass Monitor is great, but breach notifications person a problem. By default, Proton only monitors nan email associated pinch your Proton account. If you’re importing passwords from different app, arsenic I did, and you person different emails, those aren’t a portion of nan monitoring by default. And Proton doesn’t show you that. You person to click into breach specifications and manually adhd addresses.

Proton includes a short setup process erstwhile you first unfastened nan app, and dark-web monitoring should beryllium portion of it. You tin easy place manually adding your email and miss breach notifications. The app didn’t show immoderate breaches erstwhile I first started utilizing it, but aft manually adding a burner email for immoderate logins successful my account, I recovered it was progressive successful seven breaches. This really isn’t nan type of characteristic that should beryllium near to chance.

That’s my only rumor pinch nan desktop and web applications, thankfully. There are immoderate useful upsides to these apps. You tin unlock your relationship pinch a PIN alternatively of your relationship password, for example, which makes nan 10-minute auto-lock little annoying to woody with. And Proton maintains a history of passwords it generates for 2 weeks, truthful you tin look backmost successful nan arena nan seizure fails and a caller login isn’t saved to your account.

Password managers are ever a small spotty connected mobile if that’s not nan superior spot you create and shop logins. Logins get associated pinch desktop URLs, and apps often redirect you elsewhere to log in. Proton Pass doesn’t lick that problem—it can’t—but it nails association. As I logged into apps pinch autofill, Pass silently associated immoderate redirect I sewage connected mobile to nan due login. It’s not seamless, and until mobile apps are designed much purposely astir autofill, it ne'er will be. But moreover aft a week of utilizing Proton Pass, I was nary longer stumbling upon pesky login fields.

By default, your vault locks connected mobile aft 2 minutes, but you tin set nan fastener clip from instantly up to 4 hours. You don’t request to re-enter your password each clip you request to unlock nan app. It supports a civilization PIN, on pinch biometrics connected Android and Face ID connected iOS.

My rumor pinch nan mobile app is that it only locks aft nan clip you set. If you move to different app and backmost to Proton Pass, your relationship stays unlocked. It moreover stays unlocked if you adjacent nan app wholly and reopen it. The mobile app should fastener instantly by default, or, astatine nan very least, fastener immoderate clip nan app isn’t pulled to nan foreground.

A Look astatine Proton Pass’ Security

Any password head worthy its brackish uses end-to-end encryption, and if there’s immoderate institution that knows a point astir end-to-end encryption, it’s Proton. The company has received thousands of tribunal orders complete nan years and has been incapable to manus complete data, and it has won challenges to specified orders successful a Swiss court. Its email service, Proton Mail, has been blocked successful Russia for years, and India precocious started cracking down connected its use, arsenic emails can’t beryllium decrypted aliases tracked. If Proton wants to shop personification data, dishonesty astir its encryption, and cooperate pinch nan government, it’s doing a beautiful unspeakable job.

Proton Pass uses nan aforesaid end-to-end encryption arsenic Proton Mail. That’s important successful nan discourse of password managers. It intends that information is only ever encrypted aliases decrypted astatine rest. And to guarantee a information breach wouldn’t expose your passwords, Proton has, miraculously, not suffered a awesome information breach yet.

Proton Pass uses an asymmetric personification key. It’s a public-private cardinal pair, and only you clasp your backstage key. When you make a caller vault, a vault cardinal is generated that's encrypted pinch your personification key. Items wrong a vault are encrypted pinch a random point key, which is past encrypted pinch your vault key, each pinch 256-bit AES-GCM. In short, Proton stores your data, but it doesn’t person nan intends to decrypt that data, and that information can’t beryllium intercepted and decrypted while it’s successful transit.

This is simply a tried-and-true information exemplary for a password manager. Proton Pass doesn’t spell arsenic acold arsenic 1Password pinch its unsocial Two Secret Key Derivation, but it’s still a secure, zero-knowledge model. Proton besides has a stellar way grounds erstwhile it comes to personification information and privacy, which is shocking considering really large a cybersecurity target is painted connected its back.

At first glance, there’s 1 anemic constituent successful Proton’s information erstwhile it comes to Pass: it’s tied to your Proton account. You should beryllium utilizing a strong, unsocial password regardless, but a breach of 1 app could discuss others. Thankfully, Proton allows you to group an other password specifically for Pass if you want.

You’ll request to participate your Proton relationship password first, past your Pass-specific password, to unlock your vault. It’s a hassle, but moreover successful nan improbable arena of a breach, and successful nan moreover much improbable arena that your Proton password is exposed, you’ll still person a furniture of security. Thankfully, you don’t request to participate 2 passwords constantly. After authenticating, Proton Pass will automatically fastener aft a specified play of clip (10 minutes by default). You’ll request to re-enter your password by default, but you tin group up a PIN, arsenic well.

On nan positive side, Proton Pass is unfastened source. Surprisingly fewer password managers unfastened root their applications, but Proton is among them. Even pinch a unafraid foundation, exertion bugs tin expose personification data. Proton takes that seriously. Most awesome password managers person immoderate benignant of bug bounty program—as does Proton, offering up to $100,000 for captious flaws—but unfastened root applications make uncovering those bugs overmuch easier, and they let information researchers to find bugs earlier they go a bigger issue.

Secure sharing is simply a modular characteristic successful password managers, and nan information exemplary is reasonably straightforward. Once again, a public-private cardinal brace is astatine activity erstwhile you stock items aliases afloat vaults pinch Proton Pass. Unique to Pass, however, is Proton’s Key Transparency system.

As battle-tested arsenic public-key cryptography is, it’s still susceptible to man-in-the-middle attacks if an attacker tin spoof a nationalist key. It’s a highly targeted onslaught that’s retired of nan mobility for astir users, but Proton still has a strategy successful spot to get astir a imaginable attack. The Key Transparency strategy stores reside keys connected to Proton users earlier they’re hashed and anonymized, and stored connected a backstage blockchain. It’s a directory of users, conscionable identified by keys and ciphertext alternatively of names and email addresses. When sharing pinch Proton Pass, nan nationalist cardinal is checked against this ledger to guarantee it’s a morganatic user.

Proton Pass has grown up fast. It couldn’t dream to lucifer different password managers 2 years ago, and now, successful immoderate areas, it exceeds moreover nan aged guard. It has besides taken up nan mantle near successful nan aftermath of disastrous breaches pinch LastPass, offering a free, bare-bones password head pinch unlimited login retention and cross-device sync.

As a paid password manager, Proton Pass still holds up. Individual and family plans are competitory pinch 1Password and NordPass and are a touch cheaper than Dashlane. The existent spot comes done Proton Unlimited. Between a VPN, encrypted email, 500 GB of storage, and 1 of nan apical password managers connected nan market, it’s difficult to beat.