Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing attacks and make your online experience smoother and safer.
Unfortunately, Big Tech’s rollout of this technology prioritized using passkeys to lock people into their walled gardens over providing universal security for everyone (you have to use their platform, which often does not work across all platforms). And many password managers only support passkeys on specific platforms or provide them with paid plans, meaning you only get to reap passkeys’ security benefits if you can afford them.
They’ve reimagined passkeys, helping them reach their full potential as free, universal, and open-source tech. They have made online privacy and security accessible to everyone, regardless of what device you use or your ability to pay.
I’m still a paying customer of Bitwarden as Proton Pass was up to now still not doing everything, but this may make me re-evaluate using Proton Pass as I’m also a paying customer of Proton Pass. It certainly looks like Proton Pass is advancing at quite a pace, and Proton has already built up a good reputation for private e-mail and an excellent VPN client.
Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!
See https://proton.me/blog/proton-pass-passkeys
#technology #passkeys #security #ProtonPass #opensource
I really want to like Proton and all their shit, but they seem to heavily advertise everything they have on every software and product they have in a very intrusive and annoying way.
Simply logging into Proton mail and being bombarded by Proton promotional shit feels like Google all over again.
The app reminds me constantly that I’m a piece of shit for not supporting them by subscribing to their VPN, etc etc.
I haven’t noticed much beyond emails about general product news.
That’s compared to Feedly which actively would pop up “hey! have you considered paying us like… 2k/yr (or maybe it was 2k/month) for some service you don’t care about that really should be part of our normal RSS product that you’re already paying like 200/yr for? Also there’s no way to turn these notifications off and we’re going to keep sending them periodically. Oh! And we’re not going to work on anything you might find interesting or reasonably priced, so … have fun!”
I have both paid and free accounts with Proton and I have no idea what you’re talking about.
Yes, they make it clear they offer a suite of services, and notify you of new services being launched, but my screen isn’t saturated, and my workflow isn’t negatively impacted.
…and they are nothing like Google in terms of self promotion, to say nothing of Google’s business practices.
I would rather they make money from advertising their own pretty awesome services than from advertising unsustainable (environmentally, but also unsustainable for the fucking soul!) bullshit via blood sucking multinational tech companies that prey on the masses with whatever data they can automatically dig up on you. The revenue Proton makes from converting free customers to paid allows them to grow a freely available service that is user-friendly and is a technical rival of the surveillance capitalists.
My take is:
- If you’re the sort of person that is convinced your requirements need some custom covert ops pagan voodoo self hosted data center in an old cold war era bunker, don’t let me stop you. You crack right on mate and good luck (sounds like you need it!).
- If you want the sorts of services Proton provides, but don’t want to be fucked, then Proton are a good shout.
- If you can afford it, pay for it. It makes the experience smoother and keeps a relatively small but decent company going in an ocean of massive cunts.
- If you can’t afford it and don’t want to use the free version of Proton, I hear Google and Microsoft will happily buy your soul and sell your data.
When I set up my account, they asked during setup if I wanted to get email notifications about their products, and later it is also available and clearly marked in the account settings. I’d assume that if I turned those settings off, I’d stop getting those emails.
That being said, I have gotten 8 notifications from them over the last 3 months. I have all newsletters and promotional content enabled. This isn’t much imo.
And yet I missed their announcement about their passkeys. In today’s competitive world, I think any company that does not advertise in some way, is really not going to survive (as much as I don’t like ads either). Maybe I don’t see that much as I am paying.
I was getting these advertisements, even as a paid user, just before Christmas. Multiple other people have complained about it both here and on Reddit too. It seems to have gotten better now, but I know a few people have been quite turned off by this.
You’re able to unsubscribe from all those promotions... that is in settings. Personally, a once-a-month newsletter of everything that is new is helpful bc I don’t need to put in the effort into keeping up.
I’m not 100% clear on the pricing. Do I get this for “free” as part of a premium subscription to Proton Mail/Drive/Calendar or is this a separate subscription?
This is included in the premium subscription
Nice. Thx.
It’s free blud, stop spreading misinfo
If it’s free it’s still included in the premium tier “blud”… The commenter I was answering was asking if it’s a separate paid plan, and it’s not.
Then it’s not included in anything, is it?
Probably best to see their comparison, but the free account mainly excludes the integrated 2FA authenticator and only has two vaults, but unlimited logins. I’m on the unlimited account (for VPN and mail) so can’t check for sure.
Free for everyone.
all devices
Lies, there’s no Linux app yet. As usual, Proton Inc continues to treat Linux users as third-class citizens, all whilst claiming they care about privacy and security.
Edit: They don’t even have a macOS app yet lol.
I’m using the browser add-on in Linux across all my browsers. I do have the Bitwarden app for Linux, but to be honest I never open it as it is a pain to have to open a separate app, and then copy and paste. Isn’t it just more seamless to let it replace the browser password manager on Linux? If I want to tidy up my Bitwarden vault, I also do that in the browser.
Passwords are used in more places than just browsers though. If there wasn’t any need for a dedicated app, why did they bother making one for Windows?
But personally, I dislike Bitwarden as well. I prefer KeePassXC instead, as it works fully offline and I don’t need to depend on a cloud-based provider (or spin up a server). The best part about KeePassXC is that it supports auto-typing credentials, so you don’t need to copy-paste - and it works across a multitude of apps, such as remote desktop / terminal sessions.
I have the app and the browser extension. I usually open the extension and copy from there rather than use the app for things outside of the browser. It’s just quicker.
This is what I do as well. I always have Firefox running and can easily search the extension for whatever password I need and it is just as easy to copy from there as opening another tool.
That being said the iOS app is great for when I am away from my laptop.
How do I create a passkey with Proton Pass then? I don’t see that option when pressing the big Plus button.
It is the same for Bitwarden. What I noticed is if I go to a site with passkeys, then Bitwarden prompts me with a pop-up to want to add a passkey. It’s not something you manually add, apparently.
Thanks, buddy! 🙏
If the site you’re using supports passkeys, it should have an option in your account settings somewhere to create one. When you do, Proton Pass (or whatever other password manager) will prompt you to save that passkey. You can’t manually create one in Proton Pass, it has to be the website requesting to save one.
Oh I see! So essentially it’s like creating a separate key pair for each login/site? Or will I be able to reuse the same public key/passkey for many different sites once it’s created?
The first, each account gets its own passkey.
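The answer above (the site requests the passkey, and each account gets its own key pair) can be sketched in code. This is an added example, not part of the thread and not Proton Pass or Bitwarden code; it is a simplified model of the WebAuthn flow, and the class names and `example.test` domains are hypothetical.

```javascript
// Added illustration: simplified model of WebAuthn-style passkey registration and login.
// Authenticator, RelyingParty and the example.test domains are hypothetical names.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

class Authenticator {
  constructor() { this.keys = new Map(); } // "rpId|user" -> private key
  // Runs only when a site asks to register: mints a fresh key pair for that site + account.
  create(rpId, user) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(`${rpId}|${user}`, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this leaves the device
  }
  // Signs the challenge together with the domain the browser is actually on.
  getAssertion(rpId, user, challenge) {
    const key = this.keys.get(`${rpId}|${user}`);
    if (!key) return null; // no passkey was ever created for this domain
    return crypto.sign("sha256", Buffer.concat([sha256(rpId), challenge]), key);
  }
}

class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.users = new Map(); }
  register(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge() { return crypto.randomBytes(32); }
  verify(user, challenge, signature) {
    const pem = this.users.get(user);
    if (!pem || !signature) return false;
    return crypto.verify("sha256", Buffer.concat([sha256(this.rpId), challenge]), pem, signature);
  }
}

function demo() {
  const auth = new Authenticator();
  const shop = new RelyingParty("shop.example.test");
  const mail = new RelyingParty("mail.example.test");
  const shopKey = auth.create(shop.rpId, "alice");
  const mailKey = auth.create(mail.rpId, "alice");
  shop.register("alice", shopKey);
  mail.register("alice", mailKey);
  const c = shop.newChallenge();
  const ok = shop.verify("alice", c, auth.getAssertion(shop.rpId, "alice", c));
  // Look-alike domain relays the real challenge: the authenticator holds no key for it.
  const lookalike = shop.verify("alice", c, auth.getAssertion("shop-example.test", "alice", c));
  // An assertion made with the mail passkey does not verify at the shop.
  const crossSite = shop.verify("alice", c, auth.getAssertion(mail.rpId, "alice", c));
  return { distinctKeys: shopKey !== mailKey, ok, lookalike, crossSite };
}

console.log(demo());
```

Real passkeys also carry a signature counter, user-verification flags and the full client data, which this model leaves out.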
> Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!
1Password has had this for several months.
As others have mentioned, Bitwarden also has this. This really feels like an ad.
I don’t see a way where this isn’t an ad, especially with the end and it’s frustrating.
Agreed. Saying PP four times in two sentences triggers my ad sense. Capitalism never capitulates.
Thanks I did not know that. I see they say share via the vault, but don’t specifically mention exporting, as in to a file for importing elsewhere outside 1Password. But certainly LastPass, Bitwarden and others I’d looked at were not exporting the passkeys.
I looked at it and it literally says passkeys aren’t supported on Android right now. So this is bullshit.
Looks like they are just rolling out support for Android 14 and up.
Passkeys seem like mTLS… so much so that I’m not sure what the difference is.
mTLS is for transport layer security, not authentication security. This is closer to those RSA keys where there is an RSA server keeping track of all the fobs that can be queried to figure out what number they are currently showing. Acting as a “something you have” factor of authentication, proving you are who you say you are.
There is a difference but right now as long as one uses a good password with a 2FA it is probably good enough. Too many services with passkeys are still quickly offering password resets via e-mail or text, so they, as sites, are not secure. And unless you can move your passkeys with you, like you can with passwords, you don’t want to get locked into a single device or OS.
Is this an ad?
No, an ad would have come out when it was launched, and an ad would try to sell something?
This reads achingly like an advert pretending to be a social media post. Bitwarden works fine for third party passkeys on every site I’ve used it on, ta - and I can self-host it.
But you seem to have missed the heading of the post? Bitwarden still (after many months) has not rolled out passkeys to mobile devices. That was actually the point of the post, and Bitwarden needs to start innovating a bit faster as others are overtaking in regard to passkeys. So, you can’t be using Bitwarden for your passkey logins on mobile?
I hear Bitwarden is redoing its mobile app, so maybe with that redesign will come some passkey support. 🤷‍♂️🤞
Does it beat Bitwarden though? Bitwarden has supported at least 2 services for me using passkeys, one of which is Google.
I might be misunderstanding this, but it doesn’t seem like Proton beat anyone to anything.
Edit for info: https://bitwarden.com/passwordless-passkeys/
They’re talking about the fact that Bitwarden doesn’t support passkeys on mobile
Right, yeah, that’s true for mobile indeed.
Sad that these sorts of features are paywalled.
The point of the post was that Proton Pass is beating Bitwarden right now to having passkeys for mobile (Bitwarden has still not released that), and Proton Pass can actually export passkeys which Bitwarden does not do, so they are improving. I would not say though they are better all round than Bitwarden. I pay for both but am still evaluating the rest of Proton Pass vs Bitwarden especially around tweaks in options. But Proton is showing some innovation and momentum, while Bitwarden is slowing a bit. For those already using Proton they will likely find Proton Pass good enough to use right now.
Vaultwarden is completely in my hands though
True, just hope they eventually get passkeys for mobile.
If you’re on Android, you could probably use the Firefox extension.
They will have to rip Bitwarden (soon Vaultwarden) from my cold dead hands.
True, it is good, but they need to speed up on passkeys for mobile as many do use mobile devices and what’s the point of having passkeys on desktop.
When are they changing their name? I didn’t even know
They aren’t. Vaultwarden is the self-hosted version.
I was considering Proton Unlimited and moving away from separate SimpleLogin and Bitwarden Premium to get my costs down. Has anyone moved from Bitwarden to Proton Pass? How was the experience?
As a counterpoint, I’m specifically keeping passwords with a separate service out of concern in having a single point of failure for the majority of my online persona. I do pay for Proton Unlimited but mostly for VPN, SimpleLogin, and email.
I don’t trust Proton and I don’t know why anyone would.
Well, at least say WHY? We know we can’t trust Apple (because of the recent backdoor that had to be closed down), Facebook (because of the Cambridge Analytica scandal), Microsoft (because the NSA were given first access to vulnerabilities before patching), the NSA (because of the CLOUD Act), etc., as these are all documented, analysed and reported on. Your comment really adds zero value to the debate. Proton is under Swiss law for a start, which has a way higher barrier to entry for law enforcement to get any access to metadata. In the USA the law enforcement just buys that data from data brokers. Proton is not in the business of advertising.
Just be careful with the “Swiss laws” defense. The laws are for Swiss citizens only. The same applies to “German privacy” laws.
Well German is EU, whilst Swiss is Swiss. But either way, their requirements are way higher than US law for access to any records or metadata. The other thing is, if you live outside of Switzerland, your own government has to arrange legal access via two countries’ jurisdictions. And of course too for the USA, neither the Swiss nor the Germans are allowed to just sell off data to data brokers.
I don’t trust them because they don’t use established security practices and their interfaces abstract away the internals and they have complied with law enforcement and admitted they could compromise contents (not just metadata) and they don’t accept anonymous payment.
They do accept Tor connections though… But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA, where law enforcement [used?] could just request access). In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.
They could ship malicious JS to their frontend that would give them access to the unencrypted session. You are going on faith every time you load the interface.
Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The ones that have been spying and exploiting have been the likes of Meta’s Facebook with their app present on the client device, and then trying to break Snapchat’s encryption this way (this came out in March 2024). Anyone “can” but we need to also consider “why” and what business model they have.
>But with others already able to exploit that, why would Proton want to do that?
to comply with a warrant
Everyone should downvote ad-type posts if you want to keep the community clean.