Proton Pass beats expectations in independent security audit


Password manager Proton Pass has passed a security audit by an external security firm with flying colors.

Recurity Labs tested the browser extensions, mobile apps, desktop apps, and Command Line Interface (CLI) for Proton Pass.

The security consultancy examined Proton’s password manager between January and April 2026 and found Proton Pass’s overall security to be “well above par.”

“As an overall verdict, while numerous issues were identified in the course of this assessment, the majority of the observations are of low impact, and the sole medium severity issue has already been mitigated, allowing us to rate the solution’s overall security posture as well above par,” Recurity Labs’ report says.

The firm found no remote exploits and couldn’t identify any encryption bypasses, such as shortcuts, backdoors, or weak keys, that could circumvent encryption layers.

“The absence of a specific exploitation path identified for certain findings as part of this assessment must not be interpreted as proof that none exist, particularly in light of future development and potential changes to execution context. Mitigation is therefore still recommended,” the report continues.

Researchers did come up with several recommendations that focused on strengthening practices, like how secrets are managed in memory while the app is running, runtime security hardening, and implementation practices outside the core threat model.

Proton says it takes the findings seriously and has implemented fixes for these vulnerabilities.

“Security audits are primarily an opportunity to test and improve our implementations. We’re grateful to the auditors at Recurity for helping us identify several areas for improvement beyond the core security requirements,” Son Nguyen Kim, developer at Proton, says in a statement.

Proton has over 100 million people using its services like Proton VPN, ProtonMail, and Proton Drive. The company offers a strict no-log policy, end-to-end encryption, and zero-access encryption, meaning that not even Proton itself can access your data.

Proton claims to have over 6,000 VPN servers in approximately 100 countries.

