Proton Pass: Open-Source and Encrypted Password Manager App

I know it may be nitpicking or just pedantic, but they say on their page "Your data also never goes to the cloud, as we own and manage our own server infrastructure." But...if you upload your data to their servers (so it can go to all your devices), isn't that the "cloud"?

It seems only the clients are open source?<p><a href="https:&#x2F;&#x2F;github.com&#x2F;orgs&#x2F;protonpass&#x2F;repositories">https:&#x2F;&#x2F;github.com&#x2F;orgs&#x2F;protonpass&#x2F;repositories</a>

It&#x27;s amazing how many new products Proton manages to make while still barely supporting their VPN on Linux.<p>On the one hand, nice work proton team. On the other, you lost a VPN customer today.

With Bitwarden supporting passkeys soon[0] is there any announcement from Proton that they would as well? Seems odd to release a password manager at this time and not mention at least eventually supporting WebAuth&#x2F;FIDO2&#x2F;passwordless. 1Password, Google, Apple, and likely Microsoft are all going to be having some level of passkey management. For middle of 2023, it seems like at least a good feature to mention is going to be available even if the release is months out.<p>[0]: <a href="https:&#x2F;&#x2F;bitwarden.com&#x2F;passwordless-passkeys&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;bitwarden.com&#x2F;passwordless-passkeys&#x2F;</a>

It grinds my gears when password managers bundle 2FA&#x2F;MFA without pointing out how this weakens the security of it, or discussing mitigations. &quot;Proton Pass makes 2FA easier with an integrated authenticator that stores your 2FA codes and automatically displays and autofills them.&quot; Is it really multiple factor auth if you&#x27;re using the same device for the password and automatically filling in the token? It&#x27;s not a unique failure of Proton Pass but, people reading this should rightly be sceptical and this is a significant failing. When I read their audits on Proton Drive, I see that the web page claims the PDF is end-to-end encrypted. But the link with the key in the URL hash is public. It&#x27;s a poor demonstration of their technology. When I see the defects that were found by the audits, it doesn&#x27;t leave an amazing impression. It&#x27;s great that they have an open source client and do open audits though. Claiming it&#x27;s open source, does come across as hype without a server too though. Overall this is a welcome thing but it&#x27;s very rough around the edges, I wouldn&#x27;t feel it&#x27;s a compelling offering yet with these big issues.

I prefer to diversify. That&#x27;s why I have Bitwarden, Tutanota, NextCloud &amp; ProtonVPN.<p>IMO it does not make sense to use any service from your VPN provider at the same time - it&#x27;s like not using a VPN at all since they do know your real IP. No idea why this is not known to more people.

I&#x27;m a bit skeptical about having one more solution in that space, considering that 1) password managers built in OSs and web browsers are becoming better and better (for example the new version of iCloud Keychain) and 2) passkeys are coming.

Correct me if I&#x27;m wrong, but I suspect this has the same issue preventing me from using it as does Bitwarden, namely: if I give you my vault and my password, you can access all my passwords.<p>With how common hardware security keys (or even just tpm2) are these days this limitation seems inexcusable to me. Which is why I&#x27;ll stick with gopass&#x2F;pass using my yubikey (w&#x2F; touch policy fixed). You might hack my machine and trick me in to decrypting a few passwords, but at least you won&#x27;t make off with them all.

I will stay with Bitwarden too, but it does look nice. I appreciate the design look&#x2F;feel.

Would like to see web&#x2F;desktop clients for this. When I used it recently I found the unexpandable pop-up overlay in the browser to not be adequate for managing my hundreds of logins- it just felt annoying to be confined to such a small &quot;window&quot;- also would like to see along with that more options for managing items in batches (select multiple and move to another vault, etc).<p>EDIT: Credit cards are available. Somehow I missed that! Might have gotten released in the time since I tried it which hasn&#x27;t been long at all...

Saw this some time ago. Any advantages over, say, Bitwarden ?

I see the ios and android clients are open source, but not the server implementation - I would not call that &quot;open source.&quot;<p>I am sticking with Bitwarden.

Any reason for me to switch from Bitwarden?

My main concerns are - Can I host &#x2F; store my own vaults? Are the apps native (not electron)? What are the browser plugins like with autofill of secrets, identity, payment information etc…?

I see the dupe process is working just fine here; I look forward to someone stumbling upon this next week and resubmitting it then, too

Wasn&#x27;t there some article or something claiming that this company was a NSA honeypot or something? Or am I imagining that.

Does this reliably detect username password fields on mobile ? 1password is getting really bad on that

No no local syncing so my password data never has to touch a computer I don&#x27;t own?<p>Pass, uninteresting product.

How can something be called &quot;open-source&quot; when you can&#x27;t self-host it?

I&#x27;d switch if they add a native Linux app. Any plans for that?

All I really want is GNU Pass with an IPFS backend.

Is this available on proton for business too?