Proton Pass

Proton Pass is a password manager from Proton, a company with a stellar reputation as a provider of VPN and email services. The free version of the password manager syncs unlimited passwords across all platforms, which is great, but the premium version is expensive, especially when compared with our Editors' Choice winner Bitwarden.

How Much Does Proton Pass Cost?

Proton Pass has a free service tier, which includes unlimited password storage across unlimited devices and vault sharing.

Proton Pass Plus costs $59.88 annually, before any discounts. For that, you get all the free tier's perks as well as an unlimited number of email aliases, the ability to generate multi-factor authentication (MFA) codes via the mobile apps, the option to create multiple vaults, vault sharing for up to 10 users, dark web monitoring, and the ability to enroll in Proton Sentinel (more on that feature later).

This price puts Proton Pass on the upper end of password manager paid plans. Bitwarden's premium plan is $10 per year and includes an emergency access option. On the higher end, LogMeOnce's most expensive personal password management tier is $39 annually and includes account activity reports, a diverse set of MFA options, and password inheritance options. Dashlane has a premium plan at the same price as Proton Pass, $59.88 per year, and that includes a VPN, password inheritance options, and advanced credential-sharing options.

Surprisingly, Proton doesn't package its popular and well-reviewed Proton VPN service with its premium password management plan. Proton Unlimited, which bundles the company's calendar, email, file storage, and VPN services with the password manager, is $155.88 annually, without promotional discounts.

Getting Started With Proton Pass

Proton Pass has browser extensions for Brave, Chrome, Edge, and Firefox users, a web-based vault, and apps for Android, iOS, Linux, and Windows. If you already have a Proton account, you can go to your account page to add a Proton Pass subscription to your account. If you are new to the Proton ecosystem, sign up for a Proton account with your email address, create a strong and unique password, download the appropriate app and browser extension, and store your credentials.

Like many other password managers, Proton Pass has a video tutorial for new users. For more hand-holding, you might also consider 1Password, which gives you comprehensive tutorials to guide users through the process of creating their first credentials and storing them in their password vault.

Proton Pass can import from the following competing password managers and browsers: 1Password, Bitwarden, Brave, Chrome, Dashlane, Edge, Enpass, Firefox, KeePass, Keeper, LastPass, NordPass, Robofom, and Safari. It's a longer list than some competitors have, but it's well short of Bitwarden's ability to import from more than 50 sources.

We had no trouble importing a password list stored in the Chrome browser but ran into complications while attempting to import our test credential lists from competing password managers. Proton Pass didn't allow us to upload our CSV test file or the Dashlane credential list we use to test password managers, which is not ideal.

Data Privacy and Security With Proton Pass

Before we review and test a password manager, we send questions to the password management company asking about its privacy and security practices. We want you to have plenty of information about the companies handling your data. We've included relevant information from Proton Pass' responses to our questions below.

Has your company ever had a security breach?

Proton has never experienced a security breach. The robust security model of Proton Pass, along with all other Proton services, is designed to offer multiple layers of protection. This includes Transport Layer Security (TLS), Secure Remote Password (SRP) protocol, and end-to-end encryption, among others. The core of Proton Pass' security architecture lies in its end-to-end encryption model, which encrypts not only passwords but all fields, including usernames, web addresses, and notes. This encryption is performed locally on the user's device, ensuring that Proton servers never have access to unencrypted keys, data, or credentials.

What unencrypted information does the password manager store in user vaults?

Proton Pass ensures that no unencrypted information is stored in user vaults. All data within a Proton Pass vault is end-to-end encrypted.

What is the company's policy regarding master passwords?

Users are required to create a strong account password when setting up their Proton Pass account. The account password plays a central role in the encryption process. Proton Pass encrypts the user key with a bcrypt hash of the account password and the account salt. This process occurs locally on the user's device, ensuring that the account password is never transmitted to Proton servers in an unencrypted form.

Proton does not have access to, nor does it store, users' account passwords. The use of the Secure Remote Password (SRP) protocol in Proton Pass provides additional security against man-in-the-middle attacks. This protocol ensures that password-equivalent information is never exposed, even in the event of Proton being compromised.

Proton's policy for account recovery, in case of a forgotten password, includes several methods. Users can choose to set a recovery email, phone number, or a 12-word recovery phrase. The recovery phrase can also be used to decrypt emails and other encrypted data. Additionally, users have the option to download a recovery file, which can restore emails and data after resetting the password. It's important to set both an account recovery method and a data recovery method to avoid losing access to the account and encrypted data.

What is the company's policy regarding user data collection and data sales?

Proton's policy regarding user data collection and data sales emphasizes privacy and minimal data retention. Here are the key aspects of the policy:

• Minimal personal information collection
• No permanent IP logging
• Proton relies on third-party services to process payments and does not retain full credit card details. Anonymous payments, such as through cash or Bitcoin, are accepted.
• No data sharing or selling: Proton does not sell user data to third parties.
• Proton is mindful of regulations like the EU’s General Data Protection Regulation (GDPR) and ensures its privacy policy is transparent and legally compliant, detailing any organizations with whom user data is shared.

How does the company protect user data?

The best way to protect user data is to never have it in the first place. That’s why we protect users' emails, passwords, files, calendar entries, and other personal information with end-to-end encryption and zero-access encryption. We don’t have access to this information, so we couldn’t monetize this data, even if we wanted to, and if Proton were ever to be subject to a successful hack, this information would be unavailable to the attacker.

How does the company respond to requests for user information from governments and law enforcement?

As a Swiss company, the law prevents us from directly complying with requests coming from foreign authorities. Those are systematically rejected based on Swiss law, but those foreign authorities are generally redirected to adequate international legal assistance channels. When a request is duly instructed by the competent Swiss authority, and there is no element that would suggest the subpoenaed account is legitimate or that the request could be linked to a politically motivated prosecution, Proton complies according to its obligation under the law. We do keep a transparency report about all the requests received and complied with on a yearly basis.

Proton's answers to PCMag's questions match the messaging in the company's privacy policy. During testing, we confirmed that the password manager doesn't store much user data by default, so the thorough answers above are unsurprising but appreciated. PCMag encourages anyone in the market for a new password manager to browse privacy policies to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and act accordingly.

Proton Pass' Authentication and Security Features

Once you have signed into your vault, we advise you to set up multi-factor authentication. Proton Pass allows your to authenticate via an authenticator app or a hardware security key. Other password managers allow you to designate a form of authentication within the app.

Security features included in a Proton Pass Plus subscription are auto-locking for your account, access to Pass Monitor features, and the option to enroll in the Proton Sentinel program mentioned above.

(Credit: Proton/PCMag)

Auto-locking your account allows you to choose to lock access to your vault after a predetermined period and unlock access using a six-digit PIN code. In testing, the feature worked as advertised.

Proton Alias

We tested the Proton Alias feature on mobile—with some quirks. Like other temporary email alias providers, Proton allows you to create a new email address that you can use to sign up for products and services. It's handy when you don't want to enter your email address in a form and risk receiving junk emails for the rest of your life (Apple users get a similar email forwarding function with an iCloud+ subscription and iCloud Mail). Free users can create and store ten of these aliases, and there's no limit for Plus subscribers.

(Credit: Proton/PCMag)

It's a good idea to include this service with a password manager, but Proton's execution is a bit awkward. For example, we created the fake email address "gritsngravy.clay316@passfwd.com" in the hopes that we could use the fake email in place of our real email address for a few websites. When creating new logins, we had to manually cut and paste the fake email address into the web form because it didn't appear as an email option when creating new credentials. It's a bit clunky.

A Proton representative told us the execution is appropriate for the feature's intended use, explaining, "We recommend using a different email alias for each website so that users can easily deactivate the alias in case it's leaked or sold by the website. This is why we would not prompt users to use an existing alias."

We appreciate the explanation. We think that giving users the ability to use an alias for multiple logins (and bulk delete those logins later), as seen in many of the email alias services we've reviewed, may make this feature more attractive and useful for customers.

Pass Monitor

(Credit: Proton/PCMag)

Pass Monitor is Proton Pass' security center, similar to 1Password's Watchtower section in its apps. A password hygiene section identifies weak or reused passwords in your vault. Premium subscribers can sign up their Proton email addresses, their hide-my-email aliases and up to 10 other non-Proton email addresses for dark web monitoring.

(Credit: Proton/PCMag)

One interesting feature found in the Pass Monitor section is the data breach history report. You can get a full rundown of all the data breaches that exposed information related to your email address. To test the feature, we used an old email address that's long been relegated to a junk mail catch-all. To our surprise, it's been included in 20 known data breaches since 2010. It was very helpful to see what kind of information was exposed in each breach, too. Proton Pass' data breach monitoring is more comprehensive than the services provided by competitors such as Bitwarden or Dashlane.

Proton Sentinel

Proton's website describes the Sentinel feature as follows: "It mitigates security threats by combining AI with human analysis." Sentinel monitors your account for suspicious login activity and alerts enrolled users if something appears to be amiss. It's a helpful feature for people who may be high-security targets (government officials and journalists are a couple of examples), though it's probably not necessary for most users.

Hands On With Proton Pass

We tested Proton Pass' functionality using the Windows app, web vault, the iOS app, and the browser extension for Google Chrome. The apps are all good looking, easy to use, and functioned as expected in testing.

Credential Capture and Replay

In testing, we were able to create and store new passwords for accounts. Proton Pass filled in the email address in the appropriate field and generated a password with a single click.

Eventbrite's sign-in portal requests an email address on one page and the password on another. Many password managers can fill in the password on the second page automatically. With Proton Pass, the process isn't so seamless, requiring users to tap to fill in the password on the second page. According to an email from Proton, "Automatic autofill without user interaction is less secure because malicious scripts can deceive the password manager into unknowingly revealing user credentials. This can occur, for example, by embedding an invisible form on the login page."

(Credit: Proton Pass/PCMag)

Password Generator

We didn't have problems generating new passwords during the credential creation process. With Proton Pass, you can either generate a random password that is up to 64 characters long or a memorable passphrase. We like that Proton Pass also includes a password history list so you can see your past credentials.

Password Sharing

Proton Pass allows you to share vault items with others and determine whether they can view, edit, or become administrators for the entire vault. If you're an existing Proton Pass user, we suggest creating a separate vault just for sharing individual credentials with other people. Other password managers we've reviewed, including 1Password and Dashlane, allow users to share specific credentials without needing to create a separate vault.

Passkey Support

You can create and store passkeys using Proton Pass on all platforms. To create a passkey, visit a website that uses passkeys. Sign in using a username and password, then set up a passkey in your account settings menu. After completing the passkey setup, log out of the website, return to the sign-in screen, and choose "Sign in with passkey."

Missing Password Management Features

Proton Pass lacks file-storage options in its free and paid password management plans, and the amount of data you can store in your vault for filling in web forms is limited to your name and credit card details. Apart from that, you can only store text-based notes in the Proton Pass vault. Other password managers allow you to store mailing addresses, driver's license information, passport information, and more in a dedicated section related to your identity.

Also missing from the password manager are options for granting loved ones or trusted associates emergency access to your passwords in the event of your demise. Keeper and LogMeOnce both have well-thought-out password inheritance systems that allow subscribers to determine who gets access to their passwords and for how long.

Proton Pass Mobile App Experience

To test the iOS version of the Proton Pass app, we used an iPhone 14 Pro running iOS 17.2.1. Proton Pass also has an app for Android devices. The iOS app is attractive and functioned well in testing. The purple-on-purple user interface is basic but trendy, and there are no app-specific features beyond using Apple's FaceID technology to unlock the app and MFA code generator access.

(Credit: Proton/PCMag)

We were able to download, install, and log into the app without any issues. In testing, Proton Pass for iOS didn't have trouble capturing, creating, and filling passwords.

Proton Pass Business

Proton Pass has three levels of password management for business users. Before any discounts, the Pass Essentials plan is $47.88 annually per person and includes the free password manager functions, as well as unlimited hide-my-email aliases. In the marketing materials, Proton describes the service tier as being best suited for entrepreneurs. The next step up is Pass Professional, which costs $71.88 per year. It adds an MFA requirement for organization members and access to Proton Sentinel. Proton's website describes the plan as being best for teams.

The Proton Business Suite is $155.88 per person per year and includes access to Proton's product suite which includes Calendar, Drive, Mail, and VPN access. It's the best value of all the available business password management plans from Proton.

Like Dashlane and Keeper’s password hygiene features for business customers, Proton Pass has employee vault monitoring. Employees can also access the excellent data breach history and exposure log via Pass Monitor.

After testing the Professional version of the business app, there are few business features we've seen in other password managers that aren't in Proton. Other password managers, such as Dashlane and Keeper, give a free Family vault to each employee. 1Password, Dashlane, Keeper, and NordPass' business plans include options for SSO integrations, too. A dashboard showing employee password and 2FA hygiene scores, like those found in Dashlane and Zoho Vault, is another feature that business users may want.

(Credit: Proton/PCMag)

An aspect of Proton Pass Professional that we liked is that it's easy to set vault sharing limits. This means you can stop employees from sharing passwords or other data with people outside of your organization. Enable this setting by visiting the Policies section in the browser-based Admin Panel.

When it comes to customer service, businesses need responses quickly, and from a human. We like that Proton Pass includes on-demand phone support for all levels of business password management, something that both Dashlane and Keeper have, too.

Proton Pass Customer Service Options

We read your comments, and an oft-requested testing category is one that notes each password manager's level of customer support. For now, we're only mentioning the kinds of support available and whether it's easy to cancel your subscription.

(Credit: Proton/PCMag)

Support Options for Personal Accounts

Proton Pass does not have chat or phone support for non-business plan subscribers. Instead, customers can troubleshoot their issues using the Proton Pass support page or send a request for help via the customer service section within the Proton Pass apps. If that doesn't solve the issue, help is available by email, too. Currently, Proton uses Zendesk to handle emailed support questions, but if you want to bypass a third party, you can email contact@proton.me.

(Credit: Proton/PCMag)

Is Canceling Your Proton Pass Subscription Easy?

In testing, we didn't have any trouble canceling our subscription to Proton Pass Plus. Just visit your Proton account page and scroll to the bottom and click the "Delete Account" button to start the process.

If you cancel your account and you've pre-paid for an annual subscription, Proton will give you credit for your unused subscription days. It's a helpful policy for people who are planning to use more Proton products in the future.

(Credit: Proton/PCMag)

Verdict: Good for Free, Expensive for Premium

We like that Proton Pass gives you unlimited password storage in its free tier. We also like its email alias creation feature, though its execution could be smoother. The Pass Monitor section is a welcome addition to the product's feature list, and we were very impressed with the comprehensive dark web monitoring reports. Ultimately, we were able to use Proton Pass to complete the core tasks expected of a password manager, though the non-discounted version of the Proton Pass Plus is a bit expensive compared with the competition. For free or low-cost password management with a lot of helpful features, we still recommend Bitwarden, our Editors' Choice winner.