SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Proton Launches Open Source Password Manager

Proton makes its open source Proton Pass password manager globally available for major browsers and mobile devices.

Internet privacy company Proton this week announced the global launch of its open source password manager, Proton Pass.

The password manager is now available as a browser extension for major browsers such as Chrome, Firefox, and Edge, as well as for iPhone/iPad and Android users.

At its core, Proton Pass works as a traditional password manager, enabling users to generate and save passwords. The tool also supports passphrases, the use of unique passwords for each website, and one-click logins.

However, Proton explains, the password manager also helps users protect their email addresses, essentially protecting their identities.

For that, in addition to suggesting a strong password when signing up for an online service, Proton Pass will also suggest using a hide-my-email alias.

Randomly generated email addresses meant to hide a user’s real email address, email aliases prevent third-parties from identifying individuals and filter out trackers and other marketing tools.

“If you sign up for a website using a hide-my-email alias and it gets hacked, it can only expose that alias. Your real email address would remain safe. If this happens and you start to receive phishing emails or spam via that alias, you can simply disable it,” Proton explains.

The company also notes that Proton Pass uses end-to-end encryption on all fields, including username and web address.

Advertisement. Scroll to continue reading.

The password manager uses a strong bcrypt password hashing implementation and a hardened implementation of Secure Remote Password (SRP) for authentication, syncs data between multiple devices, and offers end-to-end encrypted data backups.

The free version of Proton Pass supports unlimited logins and encrypted notes, but only offers a limited number of hide-my-email aliases and two-factor authentication (2FA) logins. Extra vaults and unlimited email aliases and 2FA logins can be unlocked by purchasing a subscription.

Related: Internet Access, Privacy ‘Essential for Freedom’: Proton Chief

Related: Apple Releases Open Source Password Manager Resources

Related: Flaw in Password Managers Allowed Apps to Steal Credentials

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

More People On The Move

Expert Insights

Related Content

Zero Trust and Identity and Access Management Zero Trust and Identity and Access Management

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

February 6, 2023
Okta hack Okta hack

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

November 3, 2023
DMARC Implemented on Half of U.S. Government Domains

Compliance

DMARC Implemented on Half of U.S. Government Domains

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

January 3, 2018
DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Email Security

DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

August 23, 2017
Thoma Bravo Merges ForgeRock with Ping Identity

Funding/M&A

Thoma Bravo Merges ForgeRock with Ping Identity

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

August 23, 2023
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
ZTNA Zero Trust ZTNA Zero Trust

Identity & Access

Password Dependency: How to Break the Cycle

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

January 25, 2023