Proton, the privacy-focused technology company best known for its encrypted email service ProtonMail, recently announced it is expanding its ecosystem with a password manager. This is the fifth security-focused product the company offers, along with its encrypted email, calendar, cloud storage, and VPN applications.
Proton’s new password manager protects the contents of a user’s vault with a 32-byte random vault key, which is encrypted and signed with an asymmetric user key. This user key is in turn encrypted with a bcrypt hash of the account password and the account salt. The company also states that “[a]ll cryptographic operations occur locally on your device.”
Those fancy words mean your info is safe with Proton
If that sounds like we made up words to look clever, all you need to know is that only the person with the vault’s password can access any of the vault’s contents. This keeps all your info safe in the (unlikely) event that the service is hacked.
In addition, instead of only encrypting the password field, Proton Pass “applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in the encrypted notes section.”
If only the password field is encrypted (cough LastPass cough), an attacker might not be able to gain access right away but they’ll be able to see what sites you have accounts with and your usernames for those accounts.
This info can make it much easier for them to gain access through social engineering, where the attacker will try to trick you into giving them your details. It’s much quicker and easier than trying to crack your password using brute force. Unless you’re still using ‘Password#123’ or your birthday. In that case, you really shouldn’t be allowed on the internet.
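As an added illustration (not Proton's code and not taken from the announcement), the sketch below stores the same constructed vault item two ways, with only the password encrypted and with every field sealed under one 32-byte random vault key, and lists which fields a stolen copy of the stored record exposes. AES-256-GCM and all function names are assumptions; the article does not name the cipher Proton Pass uses.

```javascript
const crypto = require('crypto');

// Constructed sample vault item (not real data).
const item = {
  url: 'https://bank.example',
  username: 'alice@example.com',
  password: 'correct horse battery staple',
  note: 'security question: first pet',
};

// Assumption: AES-256-GCM as the authenticated cipher. Output = iv | tag | ciphertext.
function seal(vaultKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Decrypts a sealed blob; throws if the blob was modified or the key is wrong.
function open(vaultKey, blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', vaultKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Password-only scheme: url, username and note are stored in the clear.
function storePasswordOnly(vaultKey, it) {
  return { ...it, password: seal(vaultKey, it.password) };
}

// All-fields scheme: the whole item is serialized and sealed as one blob.
function storeAllFields(vaultKey, it) {
  return { blob: seal(vaultKey, JSON.stringify(it)) };
}

// Fields readable from the stored record alone, without the vault key:
// any stored value that matches a plaintext field verbatim.
function exposedFields(record, original) {
  const stored = new Set(Object.values(record));
  return Object.keys(original).filter((k) => stored.has(original[k]));
}

const vaultKey = crypto.randomBytes(32); // 32-byte random vault key, as in the article
const weak = storePasswordOnly(vaultKey, item);
const strong = storeAllFields(vaultKey, item);
console.log('password-only record exposes:', exposedFields(weak, item));
console.log('all-fields record exposes:', exposedFields(strong, item));
```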
The timing of this launch is rather fortuitous for Proton. After prominent password manager LastPass was hacked last year, we’d imagine most of its users who take their privacy seriously are looking to jump ship if they haven’t already. Proton’s CEO Andy Yen said as much in the company’s announcement: “We’ve always been worried about the risk posed by a major password manager breach, which unfortunately became a reality with the recent hack of LastPass.”
For now, Proton Pass is still new, so only the beta version is available to Proton’s Lifetime and Visionary subscribers, while a public release is scheduled for “later this year.”