Proton Pass Fact Check

Last updated on April 25th, 2023 at 09:21 pm

A password box with five dots in it. In the foreground there is a yellow sign that reads "Fact check."
Image made in Canva.

Last week, Proton AG, the company behind Proton Mail, announced their new password manager, Proton Pass, had entered beta. Given Proton’s established reputation in the privacy space, this was exciting news.

Proton’s announcement, however, made a few controversial claims that upset some members of the password manager community. Following on from a Twitter thread by KeePassXC, let’s fact check some of these claims.

Encryption

Claim #1: “[W]hile many other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more)”

What this means is that Proton Pass encrypts not just the username and password but also, for example, the URL of the saved login. And this is good to do because, as Proton points out, if an attacker can see the URLs of all your accounts because they are not encrypted, then they have gained a lot of information about you.

The problem, however, is that many other password managers already encrypt all fields of the entries in their vaults. It’s true that LastPass, the password manager that was breached, did not, but I checked and 1Password, Dashlane, Bitwarden, Keeper and NordPass, for example, all do.

Me: Hi Kingsley!
Kingsley (CSR): Everything stored in NordPass is encrypted. We use XChaCha20 to encrypt your vault and Argon2 for key derivation. By the time your data reaches our servers, it's already encrypted on your device, which means we have zero knowledge about the items saved in your vault. For more information about our Zero-knowledge architecture, you can visit the website here: https://nordpass.com/features/zero-knowledge-architecture/
Me: Okay, great! So you don't do what LastPass did and leave the URLs or anything else unencrypted?
Kingsley: No, we do not.
I spoke with a NordPass customer service representative who confirmed that they do encrypt all fields, including URLs.

Verdict: Proton’s claim is misleading. While Proton’s password manager encrypts all fields, a quick check revealed at least five other well-known password managers do the same.

Built-in authenticators

Claim #2: “Proton Pass is also one of the first password managers to include a fully integrated two-factor authenticator (2FA) and supports 2FA autofill.”

As KeePassXC pointed out on Twitter, other password managers have built-in authenticators that support autofill. KeePassXC itself has reportedly offered one since 2017. 1Password and Keeper also have built-in authenticators with 2FA autofill and Bitwarden offers a built-in authenticator that automatically copies the 2FA codes to your clipboard.

KeePassXC: Also you are certainly the not "first" to support 2FA autofill. Besides technically not being 2FA anymore if it comes from the same source, KeePassXC has supported TOTP since 2017 and we weren't even the first (far from it).
KeePassXC criticized some of Proton’s claims in its Twitter thread. Source: KeePassXC.

Verdict: Proton’s claim is again misleading. At least four other well-known password managers already offer built-in authenticators that either allow you to autofill the 2FA code or copy it to your clipboard.

Password hashing

Claim #3: “Proton Pass uses a strong bcrypt password hashing implementation (weak PBKDF2 implementations have made other password managers vulnerable)”

This claim gets into technical details about how Proton Pass and other password managers operate. Fortunately, however, we don’t need to know all the details to evaluate Proton’s claim. It’s enough to know that PBKDF2 has weaknesses, but that many password managers are switching to a more secure option called Argon2 instead.

Bitwarden added support for Argon2 earlier this year, for example. Dashlane, NordPass and KeePassXC also use Argon2. 1Password and LastPass, however, still use PBKDF2.

KeePassXC called Proton out on this point, noting that “Most modern PW managers use either Argon2 or bcrypt.”

Verdict: Proton’s claim is somewhat misleading. There are weaknesses with PBKDF2, which some password managers still use, but others are moving to more secure options.
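The point behind Claim #3 is that the key-derivation settings matter as much as the algorithm name: a PBKDF2 deployment with a low iteration count lets an attacker who steals the vault test master-password guesses cheaply, while a memory-hard KDF forces a fixed memory cost per guess. The following added example (not Proton Pass or any vendor's code) derives a vault key and refuses weak settings; because Argon2 is not in Python's standard library, scrypt, which is also memory-hard, stands in for it, and the policy floors, sample salt and parameters are assumptions constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Policy floors (assumed; taken from OWASP's password storage guidance):
PBKDF2_MIN_ITERATIONS = 600_000           # for PBKDF2-HMAC-SHA256
MEMORY_HARD_MIN_BYTES = 64 * 1024 * 1024  # 64 MiB per guess for a memory-hard KDF

@dataclass(frozen=True)
class KdfParams:
    name: str            # "pbkdf2" or "scrypt"
    iterations: int = 0  # PBKDF2 work factor
    n: int = 0           # scrypt CPU/memory cost, a power of two
    r: int = 8           # scrypt block size
    p: int = 1           # scrypt parallelism

def scrypt_memory_bytes(params: KdfParams) -> int:
    """scrypt needs 128 * N * r bytes of working memory; every guess must pay this."""
    return 128 * params.n * params.r

def kdf_weaknesses(params: KdfParams) -> List[str]:
    """Return policy findings for a vault's KDF settings; an empty list means acceptable."""
    findings = []
    if params.name == "pbkdf2":
        if params.iterations < PBKDF2_MIN_ITERATIONS:
            findings.append(f"pbkdf2: {params.iterations} iterations is below {PBKDF2_MIN_ITERATIONS}")
    elif params.name == "scrypt":
        if params.n < 2 or params.n & (params.n - 1):
            findings.append("scrypt: N must be a power of two greater than 1")
        elif scrypt_memory_bytes(params) < MEMORY_HARD_MIN_BYTES:
            findings.append(f"scrypt: {scrypt_memory_bytes(params)} bytes is below {MEMORY_HARD_MIN_BYTES}")
    else:
        findings.append(f"unknown kdf {params.name!r}")
    return findings

def derive_vault_key(master_password: str, salt: bytes, params: KdfParams) -> bytes:
    """Derive a 32-byte vault key, refusing weak settings rather than silently using them."""
    problems = kdf_weaknesses(params)
    if problems:
        raise ValueError("; ".join(problems))
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    pw = master_password.encode("utf-8")
    if params.name == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params.iterations, dklen=32)
    return hashlib.scrypt(pw, salt=salt, n=params.n, r=params.r, p=params.p,
                          maxmem=2 * scrypt_memory_bytes(params), dklen=32)

# Constructed sample values; a real vault uses a fresh random salt per user.
SALT = bytes(range(16))
WEAK = KdfParams("pbkdf2", iterations=1_000)                        # the kind of setting the article calls weak
STRONG_PBKDF2 = KdfParams("pbkdf2", iterations=PBKDF2_MIN_ITERATIONS)
MEMORY_HARD = KdfParams("scrypt", n=2**16, r=8, p=1)                # 64 MiB per guess
```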

The takeaway

Given Proton’s reputation, we can reasonably expect great things from their new password manager. Their communication strategy, however, could use some work.
