this post was submitted on 19 Jul 2023
201 points (99.5% liked)

Proton

5065 readers
1 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

Hey,

Proton Pass is open source and has now passed an independent security audit (by Cure53). The Android and iOS apps source code can be found here, the browser extensions source code for Firefox and Chrome-based browsers (including Edge) can be found here.

Proton has also completed an independent security audit conducted by Cure53 for all Proton Pass applications and browser extensions, along with the Proton API. This was a “white box” audit, meaning the security researchers were given full access to the Proton Pass source code, along with full access to Proton Pass engineers.

More information can be found in the blog post over here. The audit report can also be found in the blog post.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago

Another nitpick I have is using the same password for my email to also secure all of my passwords and generate my TOTP for 2FA. If my Proton password gets compromised then all of my passwords, my 2FA, and my email are compromised. Seems like a pretty serious security risk, but I'd really appreciate it if someone who knows more about security could explain to me why this is actually okay.

Personally I don't use 2fa in my password manager unless it's something I don't care too much about securing because of everything you said. I use bitwarden but they offer the same service. My boss uses it and I can't understand why he would trust one password to secure literally everything. Seems too easy to hack compared to keeping 2fa separate.