I recommend using a single-use virtual card or a non-funded card for the sign up, as the subscription automatically renews at $47.88 for 12 months.
Proton Pass Plus
Unlimited logins and notes
Unlimited devices
Unlimited hide-my-email aliases
Integrated 2FA authenticator
Organize items with multiple vaults
Autofill credit cards (coming soon)
Referee gets 30 days free ProtonMail Plus.
Referrer gets 1-3 months free ProtonMail Plus once referee buys their own ProtonMail Plus plan (<12 months subs = 1 month, 12+ months = 3 months).
How they compare to Fastmail?
Well if you want to have the choice to end the subscription, you are much better doing as the OP says. In fact even then it is risky - you may lose access to your data at the end of the free period. It works as follows for the Proton email/vpn paid tiers (unless they've fixed this in the past few months):
There is no way for you as a subscriber to notify Proton in advance that you want to end the subscription without cancelling the service at that moment - so you can't enjoy the full year/period you've pre-paid for without risking being billed again if you forget to cancel on the final day. And the risk is that even if you use a single-use card number, they will lock/hold your email account to ransom for the "unpaid invoice" they issue on the last day, instead of gracefully downgrading to the free tier. This is what happened to me, and they only agreed to unlock it after a lot of back & forth and because I had previously asked about this problem before the subscription period was up.
I love the service, but their subscription policy is bordering on sneaky. Apologies if they've fixed it in the past few months.
They’re both good, but different enough that you can probably draw a line based on your requirements.
Proton has a suite of products such as their VPN, cloud storage and now the password manager.
For mail, I think it comes down to whether you want to be 100% locked into protons apps or whether you want to be able to use other apps with your mail, calendar and contacts, particularly on mobile. Proton doesn’t expose IMAP, Caldav etc. The impact is that on a mobile device, you can’t use third party apps with Proton so you are forced to use their apps. Many people find this OK for email but might find it limiting for contacts and calendars.
Fastmail allows you to use whatever app you want for contacts, calendar and email.
On a computer Proton has a bit more flexibility as it has a bridge tool that allows you to run a local service that standard clients can use, but this doesn’t apply to mobile.
For me it’s about whether you want something super private but locked down to Protons apps, or want a mail service that is private (in so much as data isn’t being sold) with the flexibility to use whatever apps you like.
FWIW I think both fastmail and Proton both have decent mail apps. Protons calendar app is a bit more immature though than some third party options.
you can’t use third party apps with Proton
Kind of the reverse problem of MXROUTE's reseller mail account. They don't offer an official app for them to use, locking them into either the webmail or linking IMAP to third party accounts. Kind of a pain because I think a native app would be a lot easier for them. But oh well, they asked for it.
I’d absolutely pull the trigger if there was a discount going on for the Unlimited subscription at the moment.
I have a couple of different ProtonMail email addresses that I’d love to switch between easily so upgrading to the mail plan would be great, but the entire suite looks so versatile.
They did Black Friday deals last year, so maybe check back in a month.
FYI even if you have a paid plan currently you can only log into one free account at a time on mobile, unlike on a browser
If you’re already on their unlimited plan, this comes as standard for no additional cost. Just download the app, log in with existing credentials and go
Is this just the password manager? I thought "Proton Pass" was the suite of all their apps.
Yes, it is just for password manager.
I hate that. I have Plex Pass and I keep getting caught by Proton Pass vs (I double checked) Plus.
I signed up for this a a few months ago $12/year lifetime discount. Well worth it.
Allows the generation of on-the-fly alias emails, integrates with Brave browser and can import from current PW managers (Bitwarden, etc)
You're giving permission and what type of data on your device they've got access to and how, when is it going to be used down the track.
Yes, you can. Swiss privacy laws, GDPR on top of that, zero-access encryption at rest, open source software. My bet is you're the kind of person who reused their master password elsewhere, or thinks that Password123! is a good password.
On top of that, you've upvoted the deal…?
@drazenm: Great retort there - addressing the least important part of my comment and ignoring the good bits.
Apps that I have 2fa for and that everyone else should too - Email(can be used to change other passwords) and Paypal.
There are 100 different ways some could have accessed your Google account without it of having anything to do with the password manager.
I'm sorry this happened to you. A proper password manager is vastly superior to saving passwords directly in a browser, or even not saving passwords at all. If someone has access to your computer (ie. you clicked on "the wrong thing"), extracting saved passwords from the browser is a simple proposition. Extracting passwords from a password manager is a much more difficult endeavour for a bad actor.
By not using a password manager (or your browser), it's almost guaranteed you are using short, memorable passwords that get re-used for multiple services, or passwords reused with slight, predictable variations. This carries its own risks (if one account gets leaked, bad actors will try to access your accounts on other services using the leaked password - aka credential stuffing) You can check if an account linked to your email address has been breached here:
https://haveibeenpwned.com/
All that said, I'd recommend Bitwarden over the product listed here.
@j33prong: Thanks for the advice, I appreciate it. Upon checking :Ulmon, Shop Back, Jefit, Deezer, ai.type.
Everyday websites, apps, we all use and are reassured they're safe….
@ozilicious: Really, in short, nothing stands out about Proton Pass. It's a relatively new product with just the barebones. BW does all it can and more for free. If I was going to pay for a password manager, it would be something that has extra features like 1Password. Not seeing the value proposition for paying for Proton Pass right now.
@teeendee: This comment demonstrates the difference that threat models play, and their relevance to the threat/s an individual is seeking to address.
Main points of differentiation I'd posit: Product/service codebase, development, maintenance and production oversight, and the nature of the providing Organisation and the jurisdictions it operates in, or is susceptible/vulnerable, to.
But as with all things security related, YMMV.
@drazenmnm: PP is not telling you to put all your secrets in one place.
Note: Most half-decent services allow you to store what you need to, when you need to. Most users will store only what they find it useful to store there, and the half-savvy and security conscious will resist any such temptation to include too much- so there is no single point of failure preventing mitigation or disaster recovery.
@ozilicious: Bitwarden is open source and well established. You can self-host your own instance of Bitwarden, though for most people I wouldn't recommend that. Both Bitwarden and Proton Pass have undergone independent security audits, though Bitwarden has the additional benefit of anyone being able to review the source.
Both are probably fine and either is recommended over not using a password manager.
@j33prong: Thank you for your reply, very clear and helpful
I didn't know only BW can have anyone review the source, could you say why PP can't? I thought it was open source too
Looks like someone forgot their meds.
Bitwarden…
Bitwarden.
This has a few features that Bitwarden definitely doesn't (coming from somoene who uses both daily). That being said, you're better off paying for Proton Mail and getting the whole suite of products (this included) with it.
If you dont mind me asking. How is it better than Bitwarden.
Other than aliases, I'd also like to know what features you've noticed PP has that BW doesn't
I also prefer PP than BW (Have proton unlimited so PP is free, but when I had BW, I paid for premium)
Since it’s free, you might as well try it. I personally think PP has better UX in mind. BW feels like an Android 5/6 app.
Currently BW has more features, but PP is good enough and I do believe with having much more devs on it, it will be at parity within 12 months.
@askbargain: I also have been a paid user of bitwarden and proton for years, use yubikeys on both.
Tested protonpass when it launched as it was included in my existing proton plan and decided to switch over earlier this year and canceled my bitwarden sub.
Both are good, depends on what your needs are.
Bitwarden has integration with simplemail (an open source email alias service that can also be self hosted) and will easily generate email aliases with a click after initial setup.
@ozilicious: Apologies, it’s SimpleLogin (was in my morning haze) - https://simplelogin.io/
Bitwarden integration - https://bitwarden.com/blog/add-privacy-and-security-using-em…
Looks like BW supports integration with other email forwarding services too…
Note: you can use your own domain with SL so you don’t need to rely on their domains
@Rebengaaa: Ah yes, thanks for clarifying.
SL is part of Proton but didn't know BW integrates with it!
List one feature that is necessary that bit warden doesn't have.
I think my free BW doesn’t have the 2FA feature?
Looks like PP dose?
Nobody said necessary. Just Proton has a couple features that are nice to have. I find that Proton has a more complex password generator system that can be tuned with more granularity compared to BitWarden. It also has the aliases feature that I touched on elsewhere in the thread.
Thanks OP.
I'm interested in this potential hide my email feature, I'll have to look into that a little more.
Basically you have your normal email, and when signing up to a website you select to use an "alias" via the extension. This then creates an email on the spot which forwards all emails to your actual email account so you never have to reveal to a website what your real email is. For example, I just created one while on here and it gave me "[email protected]" as one, with four more options (and custom domains) available. You can have unlimited aliases so one for each site. Great way to track what websites are actually selling off your data and handing your email over to random corporations and such.
NB - don't bother emailing that address, I didn't actually create it.
I appreciate you taking the time to explain the process. Thanks.
Doesn't that mean you are stuck paying annual fees forever to ensure the email address forwarding and management continue to work?
Sure, but there are also websites that I want to trial or test. For example, sometimes I want to buy some thing at a reasonable price, but I have to give my email and location to calculate shipping cost (Shopify). After I give my email and location, the shipping coasts are extortionate and a no-go. But since I gave my email, I'm in their system and the emails begin.
Or, service websites that have a 'lite' version that is free, but also a full version that is free (but more detailed) version that requires your email.
I pay for Proton Unlimited which gives me email, VPN, calendar, password manager, and cloud storage. Well worth it to stay the (profanity) away from Gmail, Hotmail, Yahoo etc. I've literally got their VPN running 24/7 on most of my devices and I've never had an issue.
I never really understood the bogus email thing, you create an email that forwards you the emails to your real account as to not let the company know your email (I assume to protect you from spam) yet this email forwards all the spam to your real email anyway?? Am I missing something?
You can deactivate the address so if that email gets leaked, nothing gets forwarded to your inbox.
@BatmanAU: I use it not so much for spam mitigation (I don’t find I have a spam issue anyway), but so that all my various accounts are not link-able to one another if my data is exposed. Most services don’t need an postal address or other identifier, so it’s your email address that follows you. Having a different address per service makes it harder for leaked data to be linked to other data sets.
Checking have-I-been-pwned, unfortunately sites and services often handle data poorly and my accounts have been involved in a number of leaks, including services my data was sold to who I never engaged with myself. Making that data hard to collate I think is only beneficial.
@Smigit: Nice one, I have always been sceptical to use have I been pwned as your checking an email that actually exists, so you are technically giving a site your email that you want to keep safe, but if they get hacked or eventually sell your data, you have your email that may not have ended up in a havk
@BatmanAU: Having my address and nothing else, if you believe they may be logging that, doesn’t really tell them a great deal of anything other than the address exists.
They know this anyway since the address (my main address, not per service) appears in data breaches.
And now we all know your regular username in the outside world is bacteria445.
Seems an odd choice to me but I suppose there were 444 others, so maybe I’m the odd one out here
Nope, it’s randomly generated all the time.
As askbargain said below, it's a random word and number every time. It's literally just "websitename" + "dictionaryword" + "number".
I was kidding… I've used email aliases before 🤦♂️
icloud+ does the same
i never knew this and i’ve had the 50gb tier for years. this makes it so worth it, cheers.
I think hidemyemail started 2 years ago.
If that’s the “only” feature you’re interested in .. I suggest you look into a different product from them called “SimpleLogin” instead.
I bought Proton Pass (before knowing what Proton.me was) .. and went through the headache of trying to figure out their products cause everything is so integrated.
Anyway, I’ve found SimpleLogin to manage the numerous email aliases much better, bought that and now Proton Pass has been collecting dust. (Also I believe the email alias on Proton Pass is based off / using SimpleLogin).
Will need to get around to learning how to best use Proton Pass one of these days.
PP aliases are not based off / using SL, to be clear they're not integrated… At least not yet
Thanks for the correction.
I dunno. I started off using Proton Pass first but then crawling through web saw a mention of SimpleLogin. And when I logged into SimpleLogin, the alias I had created in Proton Pass was there. I was able to remove the Proton Pass alias but was unable to recreate a new alias under the Proton Pass domain (passfwd.com). That’s why I thought they were integrated (or at least in some way.)
At launch it was also a bit unclear because of the reports of people with SinpleLogin subscriptions getting the Proton Pass subscription. (I know now that was a limited time thing and they are two separate products.)
@lamb: Wow really!? My PP aliases did not show in SL, thanks for correcting my correction, I've sent a support ticket
@ozilicious: Yeah, all my PP aliases are manageable in SL, the entries' alias description is "Created through Proton".
@ozilicious: It was a (short lived) "freebie" .. from the reply I got back from their customer support .. it was during the time when they first launched it, you had to have already had a SimpleLogin premium subscription.
I found the old link I first got the info off of:
https://discuss.techlore.tech/t/good-news-proton-pass-plus-f…
Hopefully that is of some use. GL
I'll have to note your recommendation down and take some time to do some research comparing SimpleLogin against some other potentially market-dominant apps in this area.
If you haven’t done so already, take a look into DuckDuckGo. After I signed up for SinpleLogin and used it for a bit .. I received a notice from DuckDuckGo they were offering a (free?) alias service but I didn’t try it. (No time and I needed to settle on using something.)
Have fun, I’d be interested to see what you find/think.
I've been through all of this and went through the following process:
| Attempt | Type | Problem |
|---|---|---|
| 1 | Normal email address | What if it is compromised? Spam, other accounts potentially vulnerable. |
| 2 | + email addresses | Main email address still can be compromised, not as easy to block/delete the address. |
| 3 | Email forwarding service, their domains | What if the service goes bankrupt/dies? Or what if the service turns bad? Stuck. |
| 4 | Email forwarding service, custom domain (I own it) | If the service suddenly stops or turns bad, I can simply move my domain elsewhere. |
It's been a long road for my ~400 accounts. Trial and error, eventually discovering pitfalls along the way and having to start over again.
Here are my top tips:
Don't use a free or paid for service unless you can use your own domain. If that service stops or isn't working correctly, then you're stuck. Probably not a huge issue for a small number of accounts, but with everything requiring an account these days, easy to get to 100's of them quickly and a lot require verification to the old email address in order to change to a new one.
Don't use [email protected] (e.g. [email protected]). If someone sees [email protected], it's easy to work out [email protected]. Two ways you can handle this - [email protected] or [email protected].
Let your password manager do the leg work. A decent password manager like Bitwarden will have API access to these email forwarding services. Let the application do the work.
Don't use a complicated custom domain. I started off with @mail.domain.com and eventually found that trying to use it physically (talking to real estate agents, going to the dentists office, etc.) tiresome.
SimpleLogin and AnnonAddy are the top two services in this area, but if you want to save some $, a custom domain with a catch-all service (i.e. all email addresses under a domain) will work, but this will not allow you to reply as that email address.
Further notes:
.com and .net domains are more widely accepted (i.e. not blocked by services), but are not very cheap per year, especially if the plan is to have this setup for life.
If you're looking for the cheapest option long term, .xyz domains with 6-9 numbers are like $0.85/year. Sign up with a provider like Namecheap and they'll add free domain privacy as well.
The email forwarding services provide quite a number of apps/extensions/etc. but I found myself using them less and less over time, my password manager does all the work.
Simplelogin was actually bought by Proton, and is the basis of the alias feature in proton pass
Ahh .. I see. Thanks for the clarification.
Why ppl pay for these services when there are native services such as keychain
Because not everyone has a Mac?
… or want to be locked into Apple's ecosystem.
All OS's have pw management built-in, and/or something better in their software ecosystem (E.g. KeePass).
@resisting the urge: Unless I've had my sand for 20 years, Windows sure as hell does not have any sort of PW management built into it.
Pay? For a password manager?
KeePass is excellent, open source and free.
Typical Mac user, assumes the entire world is inside the walled garden…
Apple? No. Thank. You.
Because third party services can be easier to use and offer more flexibility
I signed up for this when the lifetime deal first came out for proton pass for $12 usd a year and have absolutely loved it
How DO you use it? I’m so use to KeePass and that I don’t even bother signing in the Proton Pass extension. Proton Pass feels very different than the way KeePass’s extension interacts with me.
I also kinda found it annoying that it automatically logs into proton mail that’s signed in on Proton Pass just by going to their site (and was forced to have a Proton Mail account when I signed up to subscribe. I thought I was just getting a password manager.
Your Proton account is your login for all Proton apps, they have five so far (not counting SL).
They're all free but you likely only have paid features for the password manager if that's your subscription.
1Password.
I second that. I have the old standalone app that's still maintained but can't be purchased anymore. It only syncs via iCloud but that is enough for me.
No subsections
It’s not really maintained. They said they may patch critical vulnerabilities and issues that would prevent a user moving to 8.x, but otherwise it’s discontinued.
https://1password.community/discussion/139652/when-does-1pas…
That post was from April, and last iOS update was 8 months ago.
Also
https://support.1password.com/kb/202303/
It’ll probably work for the time being but once it breaks with an OS or browser update, that may be it.
I find Revolut disposable not being accepted
I make a regular Revolut card and then delete it after use, the set of numbers works were the disposable doesn't.
You could pair this with the free entry proton mail and utilize the unlimited email aliases from this offer.
bitwarden or 1password
Bitwarden.
It may not be as pretty as 1password, but premium is cheaper (if you even need that) and it's open source… It just gets the job done.
exactly
How do I cancel auto-renewal, I rarely use my real card except this time.
You can substitute your current card with another one.
Good idea
I recommend using a normal card because Proton and their entire suite of products is worth every penny.