Proton Pass review 2024
We perform independent tests and thoroughly analyze password management services to find the best options for customers to store online credentials and other sensitive information.
We prioritize full transparency, which is why we provide detailed descriptions of our in-house testing procedures and methodologies.
Learn moreProton is notable for its top-notch VPN, particularly its free version, and email service. But you can also get Proton Pass – an open-source password manager with secure end-to-end encryption. It has a free version, too, and promises top-notch security.
However, there are a lot of questions that its official website doesn’t answer. Mainly, how secure is this password manager? And how does Proton Pass compare to its main competitors in terms of features, password management, and general safety? Are there any concerns that potential users should be aware of?
For this article, our research team and I tested Proton Pass, analyzed all that it has to offer, and compared it to other password managers that we tested in order to give you a full breakdown of this service. Hopefully, this review will answer all of your questions about Proton Pass, how it works, and what it can offer.
⭐ Rating: | |
🥇 Overall rank: | #12 out of #19 |
💵 Price: | From $1.99/month |
✂️ Free version: | Yes, plus a 30-day money-back guarantee |
🌐 Browser extensions: | Chrome, Firefox, Brave, Edge, Safari, Web App |
🔥 Coupons: | ProtonPass coupon 60% OFF |
Proton Pass – main pros and cons
Visit Proton Pass to try it yourself
Our in-house research team thoroughly analyzes password managers, and our team of experts uses the gathered insights and hands-on experience to evaluate each provider accordingly. Find out how we assess password managers.
Proton Pass review – key takeaways
Based purely on functionality and features, Proton Pass is on the way to becoming one of the leading password managers. But while its security is uncompromised and there are some very innovative features, there are still some areas of improvement. Here’s a quick overview of the Proton Pass password manager:
- Password safety. Proton Pass has numerous features to ensure password storage security. Most notably, the generated limited-time password sharing link, 2FA, email aliases, password health checker, and 24/7 account safety monitoring features.
- Ease of use. I found Proton Pass apps and browser extensions easy to navigate and straightforward to use. The app interfaces, in particular, are very user-friendly, with clearly laid-out features and saved passwords.
- Features. While having mostly the same features as other premium password managers, Proton Pass' stand-out feature is Proton Sentinel, a combination of AI and human efforts to maximize account security. However, this feature, as well as multiple others, are not available on the free version.
- Plans and pricing. Proton Pass offers 3 subscription plans, two premium and one free, with paid plans also including a 30-day money-back guarantee. Proton Free is entirely free and can be used for unlimited time. The Pass Plus plan costs just $1.99/month for a 1-year plan. Proton Unlimited is the priciest and most feature-rich plan, costing $9.99/month for one year.
Is Proton Pass safe?
There are multiple reasons to believe that Proton Pass is a very safe password manager. For starters, its data encryption is the same as that of the most secure password managers, like NordPass. Additionally, specifically for password sharing, Proton Pass uses the OpenPGP encryption standard. This standard, as well as the vault encryption protocol, are market-leading encryption methods, effectively protecting from unauthorized access and data breaches.
However, Proton Pass’ open-source nature is both a benefit and a flaw. Anyone being able to contribute to its safety also means that anyone could exploit its vulnerabilities. So, while experts who get access to the Proton Pass code can point out flaws or even fix them, our Cybernews team wrote back in 2023 why it’s not always a good thing. Nevertheless, as the Cure53 audit of Proton Pass revealed, the general risks for users are very low.
Proton Pass' open-source status has many security benefits. Open-source password managers tend to be more trustworthy, as users and experts can audit the code and identify vulnerabilities before malicious agents exploit them. However, if those vulnerabilities are not resolved in time, they could lead to bigger problems down the line.
Overall, Proton Pass is trustworthy in terms of security. It offers strong data encryption, independent audits, and professional customer support – the aspects I look for when researching strong password managers.
Proton Pass plans and pricing
Proton Pass offers three plans, one of which is forever free. The other two – Pass Plus and Proton Unlimited – are paid subscriptions that are available monthly or yearly. Here’s the summary of pricing of each plan:
Plan pricing | Proton Free | Pass Plus | Proton Unlimited |
1-month | Free | $4.99/month | $12.99/month |
1-year | Free | $1.99/month | $9.99/month |
Unsurprisingly, the Proton Pass Free plan also has the fewest features. There is no limit on how long you can have this subscription, but keep in mind that you will be encouraged to upgrade to premium. However, despite being a bit more limited than the paid subscriptions, I found that Proton Free still offers unlimited logins and notes, unlimited device connectivity, passkey support, and secure vault sharing (2 available vaults).
The Proton Pass Plus plan expands on the free version’s features by offering credit card data storage, an aliases feature, 10 available password vaults and their sharing, Dark Web monitoring, a Proton Sentinel feature, and two-factor authentication (2FA). Besides, its yearly subscription costs just $1.99/month.
For $9.99/month (for a 1-year subscription), users can also get the Proton Unlimited Plan. Not only does it include all the features that the Plus plan has, but also all the premium Proton services. It means that with this subscription, you can get Proton’s Mail, Calendar, Drive, VPN, and password manager. Not even NordPass has a plan that allows such a combination of services. If you’re interested in Proton’s other products, this is the plan to pick.
In addition to these plans, Proton also offers Proton Pass business accounts, which cost between $4.99 and $6.99 per user per month, with an option to get a custom account based on your business needs. Proton Pass is GDPR compliant and based in Switzerland, so it is suitable for international markets and meets strict EU regulations.
Subscription process and refund policy
I found that the best way to get the Proton Pass is to pick a suitable plan on the official website, create a Proton account, and pay for the service. Once that’s done, I recommend downloading the app straight from the Proton website, as, for example, it will be more compatible with Mac than when downloading the app from the App Store.
All paid plans have a 30-day money-back guarantee, so if you change your mind, you can cancel your subscription within thirty days of purchase and claim a refund. Keep in mind that if not canceled, your monthly or yearly subscription will automatically renew, and you will be charged again. There is no free trial unless you previously left the Proton Family or Duo plan, in which case you can get a free 30-day trial of Proton Unlimited, which includes Proton Pass.
To request a refund, users must contact support using the provided form within the 30-day guarantee period. Refunds are not available for payments made by cash or bank transfer and can only be requested once per user. This refund policy applies only if you got your Proton Pass subscription from Proton’s official channels.
How to recover a Proton Pass account?
To log into your Proton Pass account, you’ll need to use the same details you entered when purchasing the subscription. Later on, you can set up 2FA to provide a more secure login. This can be done by either an authenticator app or using the security key.
If you’re having trouble remembering details, an easier option would be to enter your email address and phone number via the browser. There are three ways you can recover your saved data:
- Recovery phrase. It’s a backup password that consists of 12 words. This phrase allows users to reset their password and also recover all their data. You can turn on this feature manually, after which a pop-up will display the entire phrase. Make sure to write it all down in the correct order and store this information safely.
- Device-based recovery. When this type of account recovery is enabled, Proton will automatically save an encrypted backup keychain as a file in the browser’s web storage. If you forget your account's old password, logging in on a trusted device will allow full account access with a new password.
- Recovery file. To prevent accidentally locking yourself out of your account, you can download a recovery file. It cannot be opened or copied, but if you need it, you can download and upload it to restore encrypted data after you have already reset your password.
Proton Pass features overview
Like all password managers, Proton Pass has all the essential features for password sharing, storage, and secure use. It also has some more unique features that are accessible to premium subscribers that are worth the mention. Here are some of the main features that you can find in Proton Pass:
- Autofill, password generator, and health
- Password import/export and sharing
- 2FA and account security
- Passkeys
- Hide-my-email aliases
- Dark Web monitoring
- Proton Sentinel
If you’re curious about how each feature works, I have described their functionality in detail below.
Autofill, password generator, and health
When it comes to core password manager functionality, Proton Pass is no different from other providers, such as NordPass or 1Password. Its autofill feature can be turned on, after which all saved login details will be automatically suggested when logging into the respective account. The Proton Pass autofill works for both browsers and apps.
Password generation reminded me of NordPass in that it offers opportunities to create not just random passwords consisting of letters, symbols, and numbers but memorable phrases, too. Memorable passwords consist of up to 10 words, and random passwords generate up to 64 characters.
Additionally, Proton Pass has multiple ways to ensure password safety, such as indicators to measure password health and strength. It also notifies users of outdated passwords and ensures that there are no password duplicates. This feature, among several others, can be found on the main page’s Pass Monitor section under the Password Health title.
Password import/export and sharing
I found password importing on Proton Pass to be fairly straightforward. During the test, I attempted to import passwords from other Proton accounts and managed to do so successfully using the web app at pass.proton.me and from the extension. However, attempting to import with the PGP-encrypted JSON file did not work.
Password exporting was an even smoother process. I went to the Export section in Settings and chose the file format in which I wanted to export my data. Once I found the relevant file format, I was able to transfer data to another password manager without an issue.
As for sharing passwords, I liked that users can securely share a single item by generating a link, with options to set an expiration date and limit the number of views. Once created, the link can be copied and sent to the recipient. To share an entire vault, users can enter the recipient's email address (a Proton Pass account is needed to access the password). Any changes made to shared items or within the shared vault will automatically update for all recipients. Additionally, access can be easily revoked at any time.
2FA and account security
Proton Pass accepts both third-party authenticator apps and the ability to generate time-based one-time password (TOTP) codes. These securely generated codes work for website logins and reduce the need for third-party authenticators. Additionally, you can use the Proton Pass memorable password generator to create your main account password. You can also use passkeys to log into your Proton Pass account.
Passkeys
Passkeys are the next big thing in account security, with the potential to replace traditional passwords in the future. They are more secure than passwords, as they are less likely to lead to data breaches and are essentially impossible for malicious agents to guess or obtain. Currently, passkeys are supported on Proton Pass browser extensions and on Android and iOS devices.
You can create a new passkey on browsers (except Firefox, as it doesn’t support passkeys on iPhones and iPads) by visiting a supported website and creating an account. If you already have an account, check security settings for an option to add passkeys. As soon as you create a passkey, Proton Pass will issue an automatic prompt to save it. All passkeys will be stored in your Proton Pass passkey vault.
Hide-my-email aliases
This unique Proton Pass feature randomly generates an email address that you can use to automatically forward emails into the primary inbox without revealing it to senders. So, for example, if you’re creating an account for an online shop that sends lots of promotional materials or you have to give your email address to less trustworthy sites, an alias would hide your true email address.
If your email alias is ever leaked or starts receiving an increased number of spam emails, you can simply deactivate it, effectively stopping them. With the Proton Pass free plan, you can get up to 10 aliases, and with any of the paid plans, an unlimited number. I found this feature particularly appealing, as I no longer had to give my real email address whenever I wanted to buy something online or sign up for a temporary service.
Dark Web monitoring
Like many VPNs and password managers, Proton Pass scans the Dark Web for your information and alerts you if any of your details get leaked. More accurately, Proton Pass mainly scans if any of the details you provided to third parties end up in the Dark Web. This feature works by using various data sources, including threat intelligence data provided by Constella Intelligence, to detect and report breaches involving ProtonMail email addresses or Proton Pass aliases.
The information monitored includes email addresses, usernames, names, dates of birth, passwords, phone numbers, physical addresses, government IDs, medical data, and financial information like credit card numbers and bank IBANs. Dark Web monitoring provides a history of all known breaches affecting the user's accounts over the past two years. Breaches are prioritized by risk, with red indicators marking those that require immediate action, such as changing exposed passwords, and purple indicators for breaches where the password was encrypted or strongly hashed, though still potentially exposing other sensitive data.
Proton Sentinel
Proton Sentinel, the most innovative account security feature, combines AI with human oversight. If there’s a suspicious login, Proton Sentinel would set up strict challenges that only account owners could pass. Additionally, it provides enhanced visibility into login and account changes and 24/7 monitoring by security analysts. While it’s a great way to secure logins without 2FA, it’s not the best feature for accounts with multiple users, as a lack of 2FA would lead to frequent login challenges.
Proton Pass compatibility and ease of use
During our research, Proton Pass was tested on MacBook Air M2 (macOS), OnePlus (Android), Lenovo ThinkPad T14s (Windows), and iPhone 7 (iOS) devices. Additional tests were performed on Firefox and Chrome browsers. Overall, Proton Pass has apps for Windows, macOS, Linux, iOS, and Android, as well as Safari, Chrome, Brave, and Firefox extensions.
I had no issues setting up apps or extensions. Nor did I find it difficult to navigate through and find relevant features. Most importantly, Proton Pass saved all the passwords used during testing and auto-filled login information without a single glitch.
Desktop apps | I found no difference in function, ease of use, or number of features between macOS and Windows apps. However, desktop apps can seem a bit more crowded compared to mobile ones. |
Mobile apps | Intuitive and simple iOS and Android apps function exactly as desktop ones but with fewer unnecessary features displayed (like Feedback and mobile app promotional sections). |
Browser extensions | Browser extensions have very few differences from desktop apps, so they are easy to navigate and do not limit available features. |
Personally, I liked mobile apps the most. They work exactly the same as desktop apps or extensions but with a more minimalist, streamlined interface. Even desktop apps have a Get mobile apps section in the main menu bar. Of course, for work purposes, desktop apps are indispensable.
Proton Pass desktop apps
Unlike some password managers, there’s no difference between Proton Pass Windows and Mac apps. The app interface is straightforward, with a features and settings menu bar on the left and all saved account logins on the main page. To edit login details or copy them manually (when autofill is not turned on), you can press on any item and select Edit. A great little feature is the vulnerability display next to passwords, which will show if your password needs changing.
Proton Pass mobile apps
I didn’t find any noticeable differences between iPad/iPhone and Android apps. As for desktops, the only difference between PC and mobile versions is that password importing/exporting is allowed only through browser extensions, web apps, and desktop apps. Interfaces also differ; however, both are equally intuitive. Mobile apps, perhaps to declutter an already small screen space, also seem to have less busy interfaces than desktop apps.
Proton Pass browser extensions
My tests showed that not all browser extensions are the same in functionality, but they are the same in appearance. For example, the interface looks the same, but Firefox does not offer passkey support on iPhones and iPads, so you won’t get the same passkey compatibility as you would on a Chrome extension. Overall, the extension itself is very similar to the desktop app interface. And if you have a free version, the installation is even more effortless, with fewer extra steps needed to set it up.
Proton Pass customer support
Proton Pass does not have live-chat support, but you can access customer support 24/7 via email or Zendesk. As Proton Pass is an open-source password manager, it has a strong knowledge base with expert users being able to suggest improvements.
Option | Availability |
24/7 live chat | ❌ No |
Email support | ✅ Yes |
Knowledge base | ✅ Yes |
How-to guides | ✅ Yes |
Phone support | ❌ No |
I personally contacted Proton Pass support via email and got a pretty fast response. The first time, I had an issue with password importing and the advice I got helped me resolve the problem and relay the advice given in this article. The second time, I investigated the refund process. Both times, the customer support was very helpful and professional, so despite not having live chat support, Proton Pass staff were still able to assist me.
Additionally, you can get help from Proton’s own subreddit at r/ProtonVPN. This way, you can get assistance not only from Proton itself but also from other users.
How we tested Proton Pass?
The testing process for Proton Pass happened in two stages based on our password manager testing methodology. First, our expert research team investigated security features, technical properties, and general feature functionality. Having the in-depth analysis I needed, I was able to try out Proton Pass myself on different devices and browsers. This way, I was able to see how it functions in real life while also having the under-the-surface information to identify both flaws and benefits. I also tested both free and paid plans to see if there were any differences.
Final thoughts
While still having some areas of improvement, I think Proton Pass is definitely a strong addition to the Proton family of services. By all technical or practical metrics, Proton Pass is certainly secure. It was also interesting to analyze an open-source password manager that doesn’t quite fit the mold.
Usually, open-source password managers lack customer support and can be quite vulnerable to malicious agents. But Proton Pass has multiple features that safeguard it from possible damage while still being open to user suggestions for improvement. Even though our team noticed some vulnerabilities back in 2023, there were and still are no indications that Proton Pass could leak user data. Besides, as my personal experience showed, there are enough customer support options to resolve any issue fairly quickly.
Addition of such features like email aliases and Proton Sentinel not only make this password manager secure, but also appealing to potential users. I think as well that, if it continues to improve, Proton Pass can become one of the best password managers in the market, on par with such more experienced giants as NordPass and Dashlane.
FAQ
Is Proton Pass trustworthy?
Yes. Despite open-source status concerns, Proton Pass is completely safe to use and includes numerous features to protect user identity. Even those vulnerabilities that were identified in the past were deemed by independent auditors to be of no consequence to the overall security of this password manager.
Who owns Proton Pass?
Proton Pass is part of the Proton group of services, known for a VPN and email. Proton is developed by the Swiss software company Proton AG. Its headquarters are in Switzerland, too. Due to this jurisdiction, Proton Pass is GDPR compliant.
Is Proton Pass free?
Yes, like pretty much all Proton services, Proton Pass has a forever free version. However, it has a password vault and some feature limits, so if you want a more advanced version of this password manager, you’d need to get one of the two paid plans.
Has Proton Pass ever been hacked?
No, as of late, there were no reports or indications of any Proton Pass data breach incidents. Independent audits also confirmed that any vulnerabilities spotted by experts due to Proton Pass' open-source nature were not enough to lead to a user safety incident.
Comments
Thanks for all the great, in depth, detail!
Your email address will not be published. Required fields are markedmarked