Proton Pass

I’ve been a fan of Proton Mail since shortly after the service started (back when it was called “Protonmail”). In fact, it was the topic of choice for the very first episode of the (long since defunct) Unusually Pink Podcast. In the intervening years, “Protonmail” has evolved into the Proton family of services, all with security and privacy at the forefront. From Mail to Calendar to VPN to cloud storage, the offerings have continued to expand and mature. The latest offering from the Proton team is Proton Pass. As the name might imply, it’s a password manager, AKA something that literally everyone should be using in 2024.

Memory Lane

I’ve used a variety of different password managers in my life. I actually began with KeePass, a local password manager. When I started to realize that I’d need access to passwords on my phone pretty regularly, I started using an Android fork of it and syncing the password database with Google Drive. A wrench got thrown into that particular workflow when I started using Chromebooks (as you can tell, I was quite the fan of Google back in the day…) since I couldn’t run KeePass; I needed a cloud-based password manager.

The go-to cloud password manager at the time was LastPass, so I signed up. LastPass worked well enough, but after a few years there started to be… problems. The first was a series of security breaches. While it seemed unlikely that the results of said breaches would actually allow anyone to access my passwords, my inner tech paranoia had me going through and changing literally every password that I had, which isn’t a fun experience. Then the company was acquired by LogMeIn (now called GoTo), which wasn’t exactly a company that I was about to trust with my most sensitive information.

Luckily for me, my work at the time had just signed up for 1Password. Certain business licensing for 1Password grants users a “free” Family license license, presumably to keep people from putting their personal credentials in a company vault that could technically be accessed by someone else. I ended up moving all of my passwords there. Transferring all of my information was a matter of doing the following:

1. Export passwords from LastPass to a plaintext CSV file.
2. Look at the 1Password documentation to see how they wanted a CSV formatted to import passwords. Update the column names in the LastPass CSV accordingly.
3. Import the CSV to 1Password.
4. Be sure to delete the CSV file since, you know, it has literally all of my credentials in plaintext.

It’s a process I became intimately familiar with over the years. I used 1Password for quite a while, even going so far as to pay for it myself when I left that job and started a new one. Eventually, my new company also bought 1Password, so I didn’t have to pay for long. When I left that job, though, I decided to assess my options. 1Password was $3 USD per month. On the flip side, I could get Bitwarden for $10 USD per year. I once again transferred all of my content and used it for several years.

Present

Fast forward, and I see Proton announce their own password manager. I was super happy with Bitwarden, but even for $10 USD I didn’t see why it made sense to keep paying for something if I was already getting access to another password manager with the Proton plan I was already paying for. My big issue at the time, though, is that there wasn’t anything available for:

1. macOS
2. Safari

So I could only access Proton Pass on my MacBook Pro if I used a different browser. In the time since this happened, I swapped back to Firefox, but at the moment I was using Safari and didn’t see a good way to access Proton Pass. However, when I finally saw that there was a web app available, I decided to jump on board.

The process of moving over to Proton Pass was even easier than normal. They offer up a wide variety of services they directly support migrating from. It’s a simple matter of picking what platform the export is going to be from:

From here Proton knows how the CSV file will be formatted and will automatically handle importing the correct fields in the correct places. I was a little surprised there doesn’t seem to be an option for a raw CSV import where they tell you what they’re expecting, but it obviously wasn’t a big deal for me.

After the upload, everything works basically like you’d expect from any password manager. Using it for Firefox, iOS, or iPadOS would allow for auto-fill whenever a password form was encountered. It was able to store credentials and also random information like encrypted notes, which I’ve occasionally used to list out API credentials and things like that depending on the platform.

If you happen to use something like 1Password for MFA, that’s not yet supported with Proton Pass, though it’s in the works. I’ve not yet moved away from just using the clunky authenticator app on my phone, so it’s not a big deal for me at the moment; maybe Proton making it available will finally be the incentive I need to switch.

Since I have a MacBook with Apple silicon, I was curious how the iOS version of the app would run on it to see if that would be a better experience than just rolling with the Firefox extension or the web app. The honest answer is that it’s… not good. The UI, while making perfect sense on iOS, just feels like such strange, awkward behavior on macOS that I couldn’t stand using it. Luckily there are far better options available.

Ultimately, is Proton Pass the supreme password manager? At the end of the day, a password manager should be fairly simple. It just needs to store your credentials securely and offer up insertion when needed. In that regard, Proton Pass works exactly the same as every other password manager I’ve used from a company with a proven track record when it comes to privacy and security. Considering that I get access to Proton Pass with the plan I already pay for, it only makes sense to use it. If you aren’t already a Proton subscriber, though, I don’t think you’ll see anything significant enough with Proton Pass that would make you leave something like 1Password or Bitwarden. That being said, if you’re considering moving your email away from a provider who’s looking at it so they can creep on you (looking at your Gmail and Outlook), adding a password manager on top could make the case for Proton even more compelling.