Proton Pass is now available

Tempting. I've been using Bitwarden for awhile now and it's been fantastic. I am not sure I need to switch.

Same. I'll continue to use Bitwarden. I think it's good to have other open-source options out there, though. Proton Pass is definitely prettier and will appeal to some people that care more about the aesthetics.
continues to use Bitwarden also.
You can save a bit of money considering this is currently $1/mo or "free" with some package plans, but rest assured it is not as good as BitWarden or 1P and likely never will be. It's very MVP and Proton has a habit of promising products and features that don't see the light of day for years on end.
Proton's value to me is the "suite" of products they've developed at a very reasonable price so I don't have to manage and pay 5 different accounts.
- I bought it at $1 a month because it basically includes simplelogin for free. Which is normally $30 a year or more. The catch is you can only create simplelogin aliases via the password manager extension only.
Do not switch yet. Proton Pass offers nothing beyond Bitwarden, it's immature and hasn't been audited.

I’m a faithful Bitwarden user. No need to switch

The only thing keeping me from switching to Bitwarden from Enpass is that it's a lot more convenient having two separate fields for Username and Email. I want to be able to have both saved without creating a new field each time.

I wish that proton would focus on the depth of their present stack, as opposed to breadth.

I've been begging for rclone support for proton drive for a long time now.. without it, I basically have 1tb sitting there useless.

Same thoughts here. ProtonVPN under Linux is very poorly supported.
- Just out of curiosity. How is it poorly supported?
  I haven't used it much yet, but the times i have it seems to have worked fine.
- It's horrible. I've had to hack together a shell script to switch between countries using a bunch of openvpn config files. The official app broke my Linux Mint network setup.
- Wish I could up vote that 100 times!
This was an acquisition (SimpleLogin) then having the acquired developers work on Proton Pass.
It still took up some resources but it's not like they took all their developers off the other projects.
I'd like separate address inbox support for my proton mail web client
This is complained about over and over again, and the response is always the same: they have different teams working on different products. Just throwing more people and money at something doesn't accelerate development.
But yeah, I'll agree Proton development moves at a snail's pace.
I agree. Especially since tons of password managers exist on the market and in many forms. I would rather prefer that they improve Proton Drive and Proton Calendar, that are to me much more complementary to Proton Mail.
This is exactly my sentiment. I had an account with two mail users, custom domain, one VPN connection, etc. for a couple of years. It was nice but while ProtonMail is one of their most mature product, it still feels quite lacking compared to other offerings. And with every other product they have, things feel less and less thorough. I support their efforts, but don't really want to pay for the way they're doing it. I still keep an eye out though, because I think it has a lot of potential.
- I'll prob stay paying, as their integration with simplelogin is very convenient. What services do you use in place of proton that feels more mature?

I'm pretty sure the app is great, but I am not a fan of putting all my eggs in the same basket. I will keep using Bitwarden for the time being.

Same here. I'm fine using Proton for my mail & drive, but I also like keeping my passwords separate in bitwarden, and my 2fa separate in my raivo. A healthy separation is good.
Yeah I'm quite tempted to get on board with Proton as they could replace Tutanota, Bitwarden, Nord VPN and One Drive/Google Drive for me. Seems convenient and privacy focused but obviously all my eggs in one basket seems like something I might come to regret.
- At the end of the day, they may be the safest privacy-focused company out there, but they still own my data. Never trust anyone.

Thought this was about Valve's Wine fork and was very confused 😅

Any strong reasons to switch from KeePassXC?

Probably not.
KeepassXC with Syncthing is the best option I've found.
- Just wish KeepassXC supported Bitwarden export. Tried that earlier this week and it was no good. So staying on Bitwarden. I did install Proton Pass and tried it out. It is not as intrusive as Bitwarden on Android for permissions. Staying on Bitwarden for now . . . I hate passwords . . .
Probably none, if you're fine with KeePass. Personally I don't want to use anything that's hosted on someone else's server. It's a bit more inconvenient to use the local files of KeePass only, but I'd rather feel a bit safer with that, even if by all account BitWarden/Proton Pass would be fine.
- I like Bitwarden because it's reliable, secure, feature-rich, and incredibly reasonably priced. But also, if they ever do something that crosses the line, I can spin up a Vaultwarden on a VPS and move my vault in an hour or two.
  It's the same reason I host a dumb blog on WordPress owned infrastructure. I support FOSS companies, and like the ejector button freedom.
I would say the sync feature as it may be more convenient on iOS etc

Proton is starting to loose focus in my opinion. I've been a costumer for 5 years only using email and I moved this year to fastmail and I couldn't be happier. Unlimited emails alias, good apps, ability to use thunderbird without a self hosted bridge.

The promise of a encrypted email does not work if your contacts are not on proton too (for me was 100% of my contacts).

If you are really focused on privacy you would choose nextcloud for cloud for example and keypass or Bitwarden for password managers.

I would like them to focus on email client features and stop this side hustles.

Proton's whole reason to exist is to provide privacy, not email client features.
I hear what you're saying but Nextcloud is definitely not a viable option for reliable backups. Wayyyy too buggy to trust
- I can not be, nextcloud was just an example. I have never had an issue with nextcloud backups
- Certainly way too buggy if you're selfhosting. At least that was my experience. And if you're not, the privacy component really goes away.

This company is a love hate relationship.

They make good products, but they promise release dates over and over again, and miss them by 2+ years.

They also fuck people over by releasing apps to only their visionary memberships. Like okay. Guess my $150/month doesn't mean shit because I'm not visionary? Glad to wait 8 months for the beta to trickle down to me..

Still waiting on the ProtonMail Android app to be remade, and ProtonDrive Windows desktop app.

Edit: wait, I need a business plan to use this? What?

Ya, I'll stick to my $1.30 CAD per month for BitWarden over the $6 for this.

How.come u.r paying 150$/month? Havent you ment 150$/year?
I feel their business side is run by morons. I tried to setup a small business with them, and gave up when I couldn't wrestle a price out of their sales folks after two weeks of back and forth emails.
The protonmail app seams good to me on Android?
- It's missing so much that iOS has. They've said they are releasing a rewritten app, but keep delaying it.
  For example, there's no threaded email support on Android.
  https://proton.me/blog/2022-roadmap
  As discussed in the January update, Android will require more work as we are rewriting more of the application, with a big focus on performance and stability. This means some Android features you have requested for Mail are not in our immediate scope for delivery. In particular, conversation view (also known as threading view) won’t make it into the first version of the new Android app, but we hope to deliver it soon after release.
- Me too, I love all of their Android apps personally.
  YMMV based on the phone though.
Why do you need the paid subscription? I thought it was for businesses, organizations etc.
- Paid plan adds really basic features other password managers offer for free. Like auto copying of 2FA codes.
  Wouldn't be bad if I could just pay for it. The fact they are requiring me to upgrade to a different tier to do it is ridiculous. This model should be shunned hard.
  I shouldn't have to upgrade to an entirely different tier to unlock access to a different Proton service. I should be able to just subscribe to it. Especially since Proton has removed previous tiers in the past, so who's to say if I no longer want Proton Pass that I can downgrade back to my previous tier?
  Like ya, the business tier offers Pass Plus, Drive Plus, and VPN Plus, all of which I do not care about nor do I want. Stop bundling it together. Sell me Pass Plus separately.
  Terrible, terrible system. I am honestly over the way they manage their company, and I really think about leaving their services for good. I'm sure when they release Proton Notes it'll be in beta for visionary customers for 3 years before trickling down to us plebs that only pay $150/month and even then it'll only be available on their business plan.
  EDIT: actually it seems like they only offer 2FA on their paid plan in general.
  EDIT 2: for those wondering, I have a mail essentials business plan customized to allow a bunch of custom domains. The fact I pay SO much just to have a handful of custom domains, but the rest of my account essentially gets the same features as a FREE Proton account is insane. I'd love to pay less and remove Proton VPN, since I literally never use it, as Mullvad is better and cheaper.
  Why am I paying so much, but I am treated like a free user?

Unless I just miss it: it's not self-hostable, right? So it's open source but currently requires their infrastructure to be usable?

Correct. It's not self-hostable.
Open source client only.

I think these will either become obsolete or become passkey based, presumably the latter.
- Why?

I advice anyone against switching for now, especially if you're using KeePass or Bitwarden. Proton Pass has just been released, meaning it is not audited and it's immature. I would not trust it with my passwords just yet.

Proton Pass has already been audited by Cure53.
- Its also been in an invite beta for a few months so they would have had time to sort out major bugs and security flaws

Has anyone tried it yet? Two downsides for me:

there's no desktop app
there's no Safari desktop extension (I know most people don't care about this)

It's also more expensive than Bitwarden even at €1/mth

"no desktop app" One can use the iPad App on Mac with m1, tho sure not optimised for desktop.
"No safari extension" They announce it on their download page, so it should be available later.

Goodbye LastPass (I'm aware I should have migrated already but I was holding out for this)

Oh my god you're still on Lastpass? RUN!
- Not as of last night!
The most important step a man can take. It's not the first one, is it? It's the next one. Always the next step.

@protonmail Proton claims to be a privacy oriented company and yet their email app doesn't show push notifications without Google Play Services means you will either have to use Google Play Services or live without push notifications (if you are using a degoogled phone). If Tutanota app could show push notifications without Google Play Services, it is definitely possible. What a joke!!

@SoulKeeper While we rely on Google Play Store services for push notifications, they are end-to-end encrypted. To stay private when using Proton Mail on an Android phone, we recommend trying some of these tips: https://proton.me/blog/android-privacy .
We are also working on a complete rewrite of our Android app, which will allow for the improved functionalities and features to be added.
Wait what I have no google services and I get all the notifications. I do have microG of course...
I don't think that's true.
I get push notofications on my degoogled phone.

I was in the beta of it, didn't use it though as i am on 1password.

For me it's important that i have a desktop application. I don't want to open my fcking webbrowser anytime i need a password or want to edit some credentials.

And they simply don't have one. I gave it as feedback and they say it's on their roadmap. I said they should take 1passwords desktop as inspiration as it works so fcking good; I really love that floating quick search that you can summon with a keycombo.

Interesting. I only require passwords in my browser.
This is how I feel as well. The 1password desktop app is just too good to let go.
- Only issue i face here on linux is that the app crashes when i send my PC to sleep.
  Have to restart everytime i wake it up, therefore have to enter my password everytime...bummer
Lack of desktop app is indeed a bummer
- And as long as it's not there, i am sticking to 1password.

Awesome! How does it compare to BitWarden?

It doesn't have feature parity (yet?). If you're happy with Bitwarden, I'd stick with it.
- I probably would anyway. It was just in case Proton had come up with some killer feature or security measure that would blow everything else out of the water.

Is it open source though?

Great that it has an email alias feature built in. But I use 1Password and to me it's been so great that it'd be really hard to convince me switching to something else.

For the record, Bitwarden also has email aliasing built-in when generating a username:
- Yeah, but with Proton, the email service is built-in, while BitWarden relies on an external service (say a domain you use for catch-all).

I tried it and its pretty cool and polished, but Bitwarden is WAY better in every poseible way.

I agree with you there, KeePassXC is definitely the superior choice.

Been using Bitwarden for a few years now, but this one looks tempting. I suppose it has better UI and integrated 2FA sounds nice. Also I’m already a Proton Mail subscriber, so it could be nice addition to the ecosystem.

BitWarden has integrated 2FA.
- Oh right, my bad

If they're going to try to compete with Bitwarden they could at least offer 2FA for free instead of paywalling it as a feature. It was disappointing when Bitwarden did it, and it's even more disappointing with Proton - it's like failing an open book test.

You shouldn't be using that feature anyway. Keeping your passwords and 2FA in the same place means you only have 1FA.
- It's mainly a difference in threat model. 2FA within a password manager is still 2FA for concerns of a website login being hacked by remote adversaries, which is the most important problem to solve.
  If you use 2FA within your password manager, you should still lock that outer-most password vault with 2FA from a separate device (like you said), which solves your password vault being hacked by remote adversaries. Optionally, you can then use aggressive idle-locking of your vault on your personal devices, in case they're stolen physically.

I’m all for open source alternatives to bitwarden but this is non competitive with a mandatory subscription fee. Bitwarden is completely free for most users.

I thought the same thing but it actually does have a limited free plan. Seems like, similar to BW, it restricts 2FA behind the pass, but also with the pass you get unlimited hide-my-email aliases, multiple vaults to organize in (I don't know what this means), and eventually autofill credit cards.
This is quite a bit more expensive than BW's paid plan though. Not sure what all differences it has to BW otherwise.
\

2FA is a paid feature!

- That's true "don't put all of your eggs in one basket"

Th email protection is nice, but my one of my mails is already full of spam, so I don't care any more and just use that when I don't trust..

I think you log in with your proton account, that supports yubikeys for 2fa

What does 2FA authenticator mean? Is it a vault to store your 2FA seeds?

yeah, although using a password manager as a 2FA provider sort of negates the "2F" part.
- Depends. I use 1Password and let it store all my 2FA, because my 1Password login is secured with another 2FA.