from the team:


Hi everyone,

We’re happy to announce that the 2nd highest-voted feature request is rolling out this week — Proton Pass Monitor.

Proton Pass Monitor keeps your data safe with dark web monitoring, checking for weak and reused passwords, scanning for accounts with inactive 2FA, and providing easy access to Proton Sentinel.

You can also check out the following support articles:

https://proton.me/support/what-is-pass-monitor https://proton.me/support/how-to-use-pass-monitor

Let us know what you think! As always, we appreciate your support and feedback.

— Proton Team

P.S. We also want to give a huge shoutout to u/Alfondorion who (along with many others) suggested the name.

It may take a little time for Proton Pass Monitor to become available on all platforms, thanks for your patience!

  • akilou@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    7 months ago

    How does Proton decide if a password is weak or not? About half (361 of 678) are considered weak, and I used either Bitwarden or Proton Pass itself to generate a random one. A bunch of the ones I’ve spot checked have upper, lower, numbers, and symbols and they’re still getting flagged as weak. I wish there were a more granular scale because I’d be happy to change the passwords that are truly weak but I’m not going to change hundreds of passwords to a different random string.

      • akilou@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        They should either have more tiers or let you sort by entropy so I can focus on changing the least secure ones first

        • retro@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          The tiers are vulnerable, weak and strong. Change the vulnerable ones first then the weak passwords

          • akilou@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            Yeah, but I have zero vulnerable and hundreds of weak. And like I said the “weak” ones were auto generated anyway.

    • ChiefGhost295@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      If something is weak, it is Proton’s knowledge of password strength. For example, they call a 16-character password without special characters “weak,” which has around 95 bits of entropy, so this doesn’t make sense. They also overemphasize the role of special characters in passwords, as just increasing the password length by a single character would add more entropy than enabling special characters. Furthermore, many of Proton’s articles regarding password strength contain a lot of misinformation. This one talking about password entropy might be their worst yet. You cannot seriously claim that a single word, “Bankruptcies,” has 68.4 bits of entropy, which also isn’t the only inaccurate claim that the article makes.