Proton Pass Review | PCMag


Proton Pass is a password manager from Proton, a company with a stellar reputation as a provider of VPN and email services. The free version of the password manager is excellent; it includes syncing unlimited passwords across all of the devices you own, plus you can create email aliases, check your credentials for weak or reused passwords, and fill in your personal information on websites using the app’s Identity form filling features. The premium plans offer even more helpful options like credit card storage, secure link sharing, and data breach monitoring. Proton Pass’ top-notch user interface and smooth performance earn it our Editors’ Choice award for free password managers.


How Much Does Proton Pass Cost?

Proton Pass has a free service tier, which includes unlimited password storage across unlimited devices, password hygiene monitoring, and the ability to create up to 10 email aliases.

Proton Pass Plus costs $4.99 per month ($59.88 annually) before discounts. If you want a lower rate, spring for the yearly subscription, which is $35.88. For that, you get all the free tier’s perks as well as an unlimited number of email aliases, mailboxes for your email aliases, the ability to generate multi-factor authentication (MFA) codes in the mobile app, credit card storage, the option to create multiple vaults, vault sharing for up to 10 users, secure link sharing, dark web monitoring, detailed information about your account security, and the ability to enroll in Proton Sentinel (more on that feature later).


Though the non-discounted monthly price puts Proton Pass Plus on the upper end of password manager paid plans, the yearly plan is on par with other password managers’ annual rates. For example, NordPass only offers yearly rates now, and though the first year’s price is $23.88, that rate increases to $35.88 per year afterward. 1Password’s monthly rate for a personal premium plan is $3.99, or $47.99 per year, or you can sign up for an annual plan and pay a familiar amount, $35.88.

That said, at PCMag, we encourage you to try before you buy, and that goes for everything. Use a free version of an app, or take advantage of a free trial period before committing to a year or longer. I like that Proton offers a fully functional free app, a monthly service tier, and an annual pricing plan. A variety of options is better than having too few. Other apps are also experimenting with different pricing structures. Dashlane offers a free app for one device that stores up to 25 passwords or a free trial for its yearly premium plans that start at $59.88.

Proton recently added another paid tier to its personal lineup: Proton Pass Family. The plan is $6.99 per month, but it drops to $4.99 per month or $59.88 if you buy a year of service up-front. A Family account nets you all of the features included with a Plus account and adds support for up to six accounts, plus an admin panel for the Family account owner.


While testing the apps and extensions for this review, I noticed you can now access the entire Proton ecosystem from the Proton Pass app. This is a welcome change that I’d requested in past reviews and adds a lot of value to this app. The Proton suite of privacy and utility services includes free versions of Proton Calendar, Docs, Drive, Mail, and the highly rated Proton VPN. Check out the Proton Unlimited plan if you’re looking for premium versions of these services.


Getting Started With Proton Pass

If you already have a Proton account, you can go to your account page to add a Proton Pass subscription to your account. If you are new to the Proton ecosystem, sign up for a Proton account with your email address and create a strong and unique password.

Screenshots showing how to download the browser extension and import credentials

(Credit: Proton/PCMag)

To get started with Proton Pass, I suggest downloading your appropriate browser extension first. That way, you can watch the helpful tutorial video while your vault loads and familiarize yourself with the user interface by exploring the web vault, which opens in a new window. Proton Pass has browser extensions for Brave, Chrome, Edge, and Firefox users, a web-based vault, and apps for Android, ChromeOS, iOS, Linux, macOS, and Windows.

Proton Pass can import from many competing password management apps and browsers. If your old credential storage app isn’t on the list, you can always upload a .csv containing your logins to your Proton Pass vault. I didn’t have any issues while importing the test credential lists.


Data Privacy and Security With Proton Pass

Before I review and test a password manager, I send questions to the company about its privacy and security practices. I do this because I want you to have plenty of information about the companies handling your data. I included all the relevant information from Proton’s responses to my questions below.

Has your company ever had a security breach?

Proton has never experienced a security breach. The robust security model of Proton Pass, along with all other Proton services, is designed to offer multiple layers of protection. This includes Transport Layer Security (TLS), Secure Remote Password (SRP) protocol, and end-to-end encryption, among others. The core of Proton Pass’ security architecture lies in its end-to-end encryption model, which encrypts not only passwords but all fields, including usernames, web addresses, and notes. This encryption is performed locally on the user’s device, ensuring that Proton servers never have access to unencrypted keys, data, or credentials.

What unencrypted information does the password manager store in user vaults?

Proton Pass ensures that no unencrypted information is stored in user vaults. All data within a Proton Pass vault is end-to-end encrypted.

What is the company’s policy regarding master passwords?

Users are required to create a strong account password when setting up their Proton Pass account. The account password plays a central role in the encryption process. Proton Pass encrypts the user key with a bcrypt hash of the account password and the account salt. This process occurs locally on the user’s device, ensuring that the account password is never transmitted to Proton servers in an unencrypted form.

Proton does not have access to, nor does it store, users’ account passwords. The use of the Secure Remote Password (SRP) protocol in Proton Pass provides additional security against man-in-the-middle attacks. This protocol ensures that password-equivalent information is never exposed, even in the event of Proton being compromised.

Proton’s policy for account recovery, in case of a forgotten password, includes several methods. Users can choose to set a recovery email, phone number, or a 12-word recovery phrase. The recovery phrase can also be used to decrypt emails and other encrypted data. Additionally, users have the option to download a recovery file, which can restore emails and data after resetting the password. It’s important to set both an account recovery method and a data recovery method to avoid losing access to the account and encrypted data.

What is the company’s policy regarding user data collection and data sales?

Proton’s policy regarding user data collection and data sales emphasizes privacy and minimal data retention. Here are the key aspects of the policy:

  • Minimal personal information collection

  • No permanent IP logging

  • Proton relies on third-party services to process payments and does not retain full credit card details. Anonymous payments, such as through cash or Bitcoin, are accepted.

  • No data sharing or selling: Proton does not sell user data to third parties.

  • Proton is mindful of regulations like the EU’s General Data Protection Regulation (GDPR) and ensures its privacy policy is transparent and legally compliant, detailing any organizations with whom user data is shared.

How does the company protect user data?

The best way to protect user data is to never have it in the first place. That’s why we protect users’ emails, passwords, files, calendar entries, and other personal information with end-to-end encryption and zero-access encryption. We don’t have access to this information, so we couldn’t monetize this data, even if we wanted to, and if Proton were ever to be subject to a successful hack, this information would be unavailable to the attacker.

How does the company respond to requests for user information from governments and law enforcement?

As a Swiss company, the law prevents us from directly complying with requests coming from foreign authorities. Those are systematically rejected based on Swiss law, but those foreign authorities are generally redirected to international legal assistance channels. When a request is instructed by the relevant Swiss authority, and there is no element that would suggest the subpoenaed account is illegitimate or that the request could be linked to a politically motivated prosecution, Proton complies according to its obligation under the law. Proton keeps a transparency report about all the requests received and complied with on a yearly basis. Proton has never received a request for law enforcement with regards to Proton Pass, because all data is end-to-end encrypted.

Proton’s answers to our questions match the messaging in the company’s privacy policy. We encourage anyone in the market for a new password manager to browse privacy policies to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and act accordingly.


Authentication and Security Features

A view of the security features and MFA options for Proton Pass

(Credit: Proton/PCMag)

Once you have signed into your vault, you should set up a method for multi-factor authentication. Proton Pass allows you to authenticate via an authenticator app or a hardware security key.

Auto-locking your account allows you to lock access to your vault after a predetermined period and unlock access using a six-digit PIN code or an extra password. In testing, the feature worked as described. Another interesting privacy feature is the ability to access a detailed list showing the following information about login attempts related to your account: device information, ISP details, and the approximate location of the device attempting to access your account. Security event details are only available for paid account holders.

Proton Alias

Proton Pass' email alias creation in action

(Credit: Proton/PCMag)

Like other temporary email alias providers, Proton allows you to create a new email address that you can use to sign up for products and services. It’s handy when you don’t want to enter your email address in a form and risk receiving junk emails for the rest of your life (Apple users get a similar email forwarding function with an iCloud+ subscription and iCloud Mail). Free users can create and store ten of these aliases, and there’s no limit for Plus subscribers.

A recent and welcome addition to this service is the ability to create email inboxes for your Proton-generated email aliases. This allows you to reply to emails and receive updates over time without using a real email address, which is an innovative feature I haven’t seen in other password managers. I had no trouble logging into websites using a Proton-generated email address.

Pass Monitor

Proton Pass' dark web monitoring and password hygiene features

(Credit: Proton/PCMag)

Pass Monitor is Proton’s security center. A password hygiene section identifies weak or reused passwords in your vault. Premium subscribers can add their Proton email addresses, hide-my-email aliases, and up to 10 other non-Proton email addresses for dark web monitoring.

The data breach history report is an interesting feature in the Pass Monitor section. You can get a full rundown of all the data breaches that exposed information related to your email address. To test the feature, I used an old email address that’s long been relegated to a junk mail catch-all. Surprisingly, it’s been included in 20 known data breaches since 2010. It was also very helpful to see what kind of information was exposed in each breach. Other password managers, such as Bitwarden and NordPass, include similarly detailed information in their data breach monitoring sections.

Proton Sentinel

Proton’s website claims the Sentinel program uses AI and humans to monitor your account for suspicious login activity. If a login attempt seems suspicious, Sentinel will let you know. It’s a helpful paid feature for people who may be high-security targets (government officials and journalists are a couple of examples), though it’s probably not necessary for most users.


Hands On With Proton Pass

I tested Proton Pass’ functionality using the web vault, the Android app, and the browser extensions for Google Chrome and Microsoft Edge. The apps are all good-looking, easy to use, and functioned as expected in testing.

Password capturing and replay with Proton Pass

(Credit: Proton/PCMag)

Credential Capture and Replay

I was able to create and store new passwords for accounts. Proton Pass filled in the email address in the appropriate field and generated a password with a single click.

Password Generator

The credential creation process was smooth during this round of testing. With Proton Pass, you can generate a random password up to 64 characters long or a memorable passphrase. The password history list is a welcome sight, too.

Credential sharing and filling using the Proton Pass app and extension

(Credit: Proton/PCMag)

Password Sharing

Proton Pass allows you to share vault items with others and determine whether they can view, edit, or become administrators for the entire vault. If you’re an existing Proton Pass user, I suggest creating a separate vault to share individual credentials with others. You can set the vault’s access level so the other person can edit, delete, or view logins. If you’re on the Proton Plus or Family plans, you can create secure links to share data with anyone, including non-Proton Pass subscribers.

Passkey Support

You can create and store passkeys using Proton Pass on all platforms. To create a passkey, visit a website that uses passkeys. Sign in using a username and password, then set up a passkey in your account settings menu. After completing the passkey setup, log out of the website, return to the sign-in screen, and choose “Sign in with passkey.”

Identity Form Filling

Another welcome addition to Proton Pass is the Identities section. You can enter personal information (such as your name, physical address, or phone numbers) in your Proton Pass vault and then use that data to fill in web forms. I was able to fill in forms on the websites I use for testing with ease. You can also autofill credit card data using Proton Pass, but that section is for paid accounts only, which is not ideal.


Notable Missing Features

Proton Pass’s free and paid password management plans lack file-storage options, but a Proton representative told me that the feature is coming soon.

Additionally, I think it’s important to consider what happens to your data in the event of your demise. That’s why it’s unfortunate that Proton Pass doesn’t offer options for granting loved ones or trusted associates emergency access to your passwords yet. Keeper and LogMeOnce both have well-thought-out password inheritance systems that allow subscribers to determine who gets access to their passwords and for how long.


Proton Pass Mobile App Experience

Various features of Proton Pass' Android app

(Credit: Proton/PCMag)

I checked out the mobile version of Proton Pass Plus using an Android device. The easy-to-navigate user interface is basic but trendy. I like that Proton Pass eliminates the need for a separate authenticator by integrating a 2FA code generator into the app.

I was able to download, install, and log into the app without any issues. During testing, Proton Pass for Android didn’t have trouble capturing, creating, and filling passwords.


Proton Pass Business

Proton Pass has three levels of password management for business users. Before any discounts, the Pass Essentials plan is $59.88 annually per person when you sign up for the month-to-month plan. As with personal plans, paying a whole year up-front can save you some money. In addition to the free password manager features included in the Essentials tier, the plan also offers unlimited hide-my-email aliases and credit card storage. In its marketing materials, Proton describes the Essentials service tier as best suited for entrepreneurs. The next step up is Pass Professional, which costs $83.88 per year when you subscribe to the monthly plan. The Professional tier adds an MFA requirement for organization members, a VPN connection for employees, and access to Proton Sentinel. Proton’s website describes the plan as being best for teams.

The Proton Business Suite is $179.88 per person per year and includes access to Proton’s full product list, which includes Calendar, Drive, Mail, and VPN access. Each employee also receives 1TB of storage and 15 custom email domains.

Like Dashlane and Keeper’s password hygiene features for business customers, Proton Pass has employee vault monitoring. Pass Monitor allows employees to access the data breach history and exposure log.

When it comes to customer service, businesses need quick responses from humans. I like that Proton Pass includes on-demand phone support for all levels of business password management, something that both Dashlane and Keeper have, too.


Customer Service and Cancellation Policy

Proton Pass does not have chat or phone support for non-business plan subscribers. Instead, customers can troubleshoot their issues using the Proton Pass support page or request help via the customer service section within the Proton Pass apps. If that doesn’t solve the issue, help is available by email, too. Currently, Proton uses Zendesk to handle emailed support questions, but if you want to bypass a third party, you can email [email protected].

Is Canceling Your Proton Pass Subscription Easy?

I didn’t have any trouble canceling my subscription to Proton Pass Plus. To do so, visit your Proton account page, scroll to the bottom, and click the Delete Account button.

If you cancel your account and you’ve pre-paid for an annual subscription, Proton will credit you for your unused subscription days. This is a helpful policy for people who plan to use more Proton products in the future.


Verdict: Proton Pass Is the Best Free Password Manager

Overall, we like that Proton Pass gives you unlimited password storage in its free tier, along with email aliases and password hygiene tools. The sleek UI was easy to navigate, and I really appreciated the app’s smooth auto-filling capabilities on every platform tested. These aspects make the app stand out among the rest of the competition, earning it the PCMag Editors’ Choice award for its superior free password management. We look forward to seeing what else Proton cooks up in the password management space this year, whether it’s adding file storage options or offering emergency access tools for subscribers.

The Bottom Line

Proton Pass is at the forefront of free password management, syncing unlimited passwords across all your devices while adding features such as credential hygiene management and email alias creation.


About Kim Key

Senior Security Analyst

Kim Key

I review privacy tools like hardware security keys, password managers, private messaging apps and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.

