Hey everyone, how do you evaluate the company Proton AG, the owner of Proton Mail and Proton Pass? I’m in the process of migrating some accounts to their platform, but I’ve always been wary of using a password solution, especially after the LastPass incident. I used to use Keepass stand alone, but it’s quite cumbersome. So, how do you assess their credibility and security? Just saying that it’s Swiss and has scientists doesn’t really help, lol. Thanks!

  • Overwrite7445@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I would suggest looking into other options for PW managers like bitwarden. Having email, calendar, drive, VPN, and PW manager all from one provider just means there is a single point of failure.

    • Dremor@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      All Proton services are e2e encrypted, so even if they are breached, there is little data available without having to crack each user keys.

      Still, the password manager is still new, and there is still a lot to iron out. So I would advise against using it as main password manager. But it is promissing.

  • Dremor@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I uses Proton services for a long time, and am a paid user for more than 6 years (and more if you count when I was on the free version). I never had any problem with them, and had at worst a day of downtime when they got ddos some years ago.

    Services are solid and well designed, feedback are listened to, only downside is a closed-source backend (but the frontend is open-source, if I recall well).

    Only thing to take into account. If you loose your password somehow, you loose all your data. So keep the recovery keys very preciously.

  • CriticalMiss@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Unless you’re a big company, they won’t give two craps about you. If you’re a large company you can ask to audit them and reveal some of their security practices. Chances are if they don’t just talk the talk but also walk the walk they’ve been already audited by a third party, which if you choose to trust can be enough in your case. The reality is you cannot know what goes on in their backend, you can only know what’s going on in your backend.

  • Steve@communick.news
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    especially after the LastPass incident.

    Which one?

    Serously, I think LastPass has the worst security record for any password manager. Ever. And I think they’re the only who sold to some management company.

    Proton is solid. So is Bitwarden.