Proton Pass protects your passwords with the same proven end-to-end encryption technology that secures over 100 million Proton accounts, and has been battle-tested for a decade with Proton Mail.
End-to-end encryption
We built Proton Pass on the same security foundation that supports all Proton services.
With end-to-end encryption, your data is never accessible to us and only you can decrypt it using your secret password.
Not only are your usernames and passwords encrypted, but all metadata is also secure - not even Proton can access this data.
Open-source code
As scientists, we know that transparency and peer review lead to better security. All Proton Pass apps are open source and can be independently reviewed by anyone. Our security claims are not mere claims, but facts that can be independently verified by all.
Independently audited
Like all Proton services, Proton Pass has been audited by independent third-party experts, and such security reports are available to the public. Proton Pass security is also enhanced by a public bug bounty program, that invites and rewards security researchers who can identify security improvements in our apps.
Advanced security and privacy features
Proton Sentinel
Proton Sentinel allows Proton Pass to protect your data even if an attacker has the correct password. Sentinel uses sophisticated AI systems that protect over 100 million Proton accounts and can identify the signatures of threat actors.
Together with human security analysts working 24/7, it blocks malicious logins more effectively than automated systems alone.
Alternative routing
Proton helps people who live under governments that are hostile to privacy. Alternative routing is an advanced anti-censorship feature that allows you to access your password manager even if your government or internet service provider tries to block access.
This means that Proton Pass can work even if you travel to countries with strict internet censorship.
256-bit AES-GCM vault encryption
Passwords and other items stored in Proton Pass are kept in encrypted vaults. When you create a vault, Proton Pass generates a 32-byte random vault key that cannot be brute-forced.
Your data is encrypted with 256-bit AES-GCM. Nobody (not even Proton) can read or create new vault keys.
Passkeys
Proton Pass supports the use of passkeys across all devices. Passkeys are a convenient and secure alternative to passwords, designed to protect against phishing and data breach risks. Passkeys use cryptographic key pairs for phishing-resistant sign-in security.
Secure Sharing
Proton Pass makes it easy to share streaming service logins with your family and simple to share company accounts with your colleagues. Password sharing in Proton Pass is a free and secure way to share sensitive information.
OpenPGP with ECC
In order to protect your vault key and facilitate the sharing functionality (in case you want to share a login with a trusted third party), Proton Pass uses the OpenPGP encryption standard with elliptic curve cryptography (ECC Curve25519).
OpenPGP is open source, has been audited and battle-tested for nearly 30 years, and has no known vulnerabilities. Proton’s OpenPGP implementation is also modular, to allow easy upgrading to post-quantum encryption algorithms in the future.
Passwords are only part of the equation
Proton Pass is more than a password manager, it’s also an identity manager that helps to protect your privacy.
Create a unique email alias for each website
Your email address is your identity. Proton Pass helps you protect your email address by generating unique email aliases for each of your online accounts.
By using hide-my-email aliases, in the event that any of the services where you have an account is hacked, malicious actors cannot discover your real email address.
Furthermore, if your email alias is sold or leaked by a third party, you can easily disable it to stop spam.
Metadata encryption
Passwords are not the only sensitive data a password manager contains.
Metadata, such as the websites you have accounts with, is also extremely sensitive as it may reveal your email, browsing history, political views, and other information you want to keep private.
Proton Pass doesn’t just encrypt the password field but applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in your encrypted notes.
This data is never available to Proton and consequently also cannot be extracted by third parties.
Swiss privacy
As a company based in Switzerland, Proton is protected by some of the world’s strongest privacy laws and outside US and EU jurisdiction.
We are prohibited from sharing the little user data we have with any foreign authorities, and under no circumstances, are we able to decrypt the data you save in Proton Pass.
Blog
The Proton Pass security model
Proton Pass is unique in that it was designed from the ground up to have a strong focus on privacy and security. It therefore has a more complete encryption model than most other password managers.
Blog
Proton Pass is open source and audited
Given the sensitive information you protect with your password manager, it’s crucial that you know exactly what’s happening inside it. Because Proton Pass is open source, anyone can inspect our code and ensure that the apps work as described.
Blog
The Proton Sentinel high-security program
Accounts enrolled in the Proton Sentinel program are monitored 24/7 by software and teams of security analysts who are experts at detecting infiltration and account takeover attempts. This provides enhanced protection and support.
