Proton Pass review: A highly secure password manager with easy to overlook flaws

A good password manager focuses on security: keeping your passwords, credit card numbers, and other sensitive data locked in a digital vault until needed. Proton – the privacy-oriented company behind Proton VPN and Proton Mail – incorporates features into its password management tool to help you hide your identity and quickly identify leaked information. 

Proton Pass has two paid plans and a free plan. The no-cost Proton Free plan allows unlimited logins across unlimited devices, basic password health alerts, and a few limited privacy features. Pass Plus for individuals costs $36 per year, while Pass Family runs at $60 per year for up to six user accounts. Both include payment method storage, dark web monitoring, unlimited hide-my-email aliases and forwarding, integrated two-factor authentication (2FA), secure vault, and item sharing. 

Also: Proton VPN review: A very solid free VPN with robust leak protection

Proton Pass is also included with Proton Unlimited, allowing you to purchase the full Proton services (Proton Mail, Proton Calendar, Proton VPN, Proton Drive, and Proton Pass) under a single $120 annual subscription. If you start with Proton Free, you can get a good sense of the service before subscribing, and the company offers a 30-day refund guarantee if you change your mind after you purchase a paid plan. 

Proton Pass is available across most major platforms: desktop apps for Windows, MacOS, and Linux; mobile apps for iOS and Android; browser extensions for Chrome, Firefox, Brave, Edge, and Safari; and a web app. 

Installation and setup process

To start with Proton Pass, you’ll create a universal Proton account login with an email and password, follow the prompts to verify your account, and display your name. If you add any other Proton apps in the future, you can manage your accounts with this same login information.

Also: The best LastPass alternatives: Expert tested

While you don’t have a separate password for your Proton Pass vault (on the web, located at pass.proton.me) by default, you can create one under Settings > Security. You can also set up 2FA for your vault using an authenticator app or security key on your global dashboard via “Account and password” if you want an extra layer of protection. While on your global dashboard, install all the relevant apps and browser extensions. (If you’re on an Intel-based Mac, grab the MacOS app from Proton’s support page.) You can also set up account recovery with a verified email or phone number. 

The desktop app mirrors the web vault, so you can use either to access your data and Proton Pass features, though you will need the browser extension to autofill credentials. Click the settings icon to import passwords from another password manager — Proton Pass supports a range of file types as well as .csv uploads — or add individual logins, aliases, payment methods, notes, or identities using the plus sign in the upper-right corner of your vault. 

Proton Pass has fewer unique record types than competitors like Keeper and 1Password. Still, you can store information like passport and license numbers, social media handles, and custom fields under an identity. 

Download the app from the Apple App Store or Google Play store to use Proton Pass on mobile. In your device settings, you can enable autofill and set up biometric access (or a PIN code) from your profile page (the far-right icon in the bottom toolbar) under Security > Unlock with. 

Proton Pass is not the most intuitive app to navigate, with settings spread across multiple menus and dashboards. It may take some trial and error to find what you are looking for. 

The basics

Proton Pass auto-filled my credentials and identity on my devices, though the browser extension didn’t work as smoothly on some websites. Proton Pass does not currently support autofill for payment cards, so you must copy and paste from the extension when checking out. It was also easy to generate a suggested password and save a new or updated login to my vault. 

Proton Pass allows the secure sharing of individual items via a secure link and entire vaults. With link sharing, you can set an expiration date, restrict the number of views, and track your secure link history from your vault. Vault sharing is not standard with password managers outside of family plans, but you can add up to 10 other Proton users via email invitation as viewers, editors, or admins. 

Also: The best password managers: Expert tested

Proton Pass supports biometric unlock on mobile and desktop apps (iOS, MacOS, and Windows) and can use a PIN code for the web vault and browser extension. You can enable auto-lock from 1 minute to 1 hour or keep your vault unlocked. Proton also integrates with passkeys and time-based one-time passwords for websites that support these features. 

Unique features (and how well they work)

As a privacy-forward password manager, Proton Pass’s unique features aim to protect your data from prying eyes. 

Pass Plus and Pass Family users can create unlimited unique email aliases — Proton Free allows up to 10 — to hide their real email addresses when creating new accounts, signing up for newsletters, and purchasing items online. Ideally, this accomplishes everything from reducing spam in your inbox to outmaneuvering online trackers to limiting the risk of credential-stuffing attacks. 

When signing up for a new account, you can generate an alias from your vault manually or with the browser extension and use it to create a login with a password. Emails will be forwarded to your default Proton address unless you have multiple options to select from. You can later disable or permanently delete aliases if they are no longer needed.

Also: The best password manager for iPhone: Expert tested

Proton Pass also offers dark web monitoring with paid subscriptions, so you’ll be alerted if sensitive information associated with your email or aliases is exposed in a breach. You can add any email addresses you want to monitor, and Proton will automatically include Proton addresses and aliases you create. Pass Monitor also shows you weak and reused passwords in your vault. 

Finally, Proton has an AI-supported monitoring program for paid subscribers called Proton Sentinel. This program detects and addresses suspicious events, such as unauthorized login attempts. When Sentinel is enabled, you get more detailed security logs in your global dashboard. The average user may not find this feature useful, but it can safeguard those targeted by cybercriminals. 

Proton Pass is open source, relies on strong AES-256 encryption, and has undergone an independent security audit. 

ZDNET’s buying advice

Proton Pass is an excellent password manager for individuals and families, especially those who want to be more incognito online while also being able to access (and share) log-in credentials and other data. If you already use Proton’s other privacy tools or plan to in the future, you’ll have solid password management under the same umbrella. 

Proton Pass still lacks some essential features and can be confusing to navigate, but it offers excellent value overall for both paid and free users. 

READ MORE HERE