PP
- Category
- Passwords · SaaS alternative
- Cost
- Freemium
- Country
- Switzerland
- Licensing
- FOSS
- Platforms
- Web · iOS · Android · Linux · macOS · Windows · CLI
Pros and cons
+ what works
- +Swiss jurisdiction and non-profit foundation as primary shareholder of Proton AG
- +Clients are open source under GPLv3 with a published Cure53 audit
- +Hide-my-email aliases, integrated TOTP, and passkey support all built in
- +Free tier covers unlimited logins on unlimited devices, with 10 aliases and 2 vaults
− watch out for
- −Server-side stack is closed source, so the zero-knowledge claim still rests on audit plus trust
- −Pass Monitor dark-web alerts, integrated 2FA, file attachments, and Proton Sentinel are paid-only
- −No self-host option; vaults live on Proton-operated infrastructure
- −Strong pull toward the Proton ecosystem (Mail, VPN, Drive) for a single account and billing relationship
Privacy notes
Vaults are end-to-end encrypted client-side: each vault key is a 32-byte random key encrypted to the user's key, and items are sealed with AES-256-GCM. The user key is wrapped with a bcrypt hash of the account password, and login uses a hardened SRP exchange so the server never sees the master password. Proton AG operates under Swiss jurisdiction and, since June 2024, is controlled by the non-profit Proton Foundation in Geneva. Cure53 audited the mobile apps, browser extensions, and API in mid-2023 with the report published; Proton holds ISO 27001 (2024) and SOC 2 Type II (2025) across the wider Proton stack.
Tags
#password-manager · #swiss · #e2ee · #foss-clients · #audited · #aliases
Comments (0)
No comments yet. Be the first.