this post was submitted on 17 Jul 2023
8 points (100.0% liked)

Proton

5266 readers
6 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

What would be the recommended route for logging in to proton pass?

Currently I have a random string password string stored in Bitwarden and auto fill whenever I need to login to proton. Obviously I need to remember my master password to gain access to my vault.

If I were to potentially switch over to proton pass exclusively, I would need to change the proton password in something I can remember instead. I would argue it might actually reduce the security challenge for the proton account.

Any thoughts on the topic?

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 1 year ago

A long memorable passphrase is pretty good as a master password for a password manager.

[–] [email protected] 3 points 1 year ago

You can login to proton pass (after the first time) with either a PIN for the browser extension, or your fingerprint on mobile (if your phone has a fingerprint reader). You can also make your password memorable but still very long.

[–] [email protected] 3 points 1 year ago

I agree with other comments, a long passphrase coupled with a couple of yubikeys would be great. Even more when a separate validation for Pass come to production. Hopefully soon.

[–] [email protected] 2 points 1 year ago

Afaik they‘re working on deattach Pass from the other Services, until then I keep BW + Authy as a backup

[–] [email protected] 1 points 1 year ago (1 children)

I'm a little worried about this too... With 1Password, I'm fine with having a master password I can remember, since I know it's only useful to an attacker if they also have access to one of my devices, or know my Secret Key. That means that a targeted, high-effort attack is necessary to get in. Proton Pass just being protected by a single password makes it way easier to run remote attacks.

[–] [email protected] 3 points 1 year ago

You can use 2fa with proton as well. I have yubikeys configured for instance.