I recently had the opportunity to test Proton Pass. I like it, but I’m not ready to switch from Bitwarden yet.
Proton Pass, like Bitwarden, is open-source, end-to-end encrypted, supports 2FA, and has a password generator. It also supports several data types, such as logins, aliases, credit cards, notes, and passwords.
Proton Pass has three advantages over Bitwarden:
- UI/UX. It’s not the most important thing, but it’s worth emphasizing that Proton Pass’s user interface looks much better than Bitwarden’s.
- Password autofill. Proton Pass’s password autofill works when you click on a form field, similar to KeyChain. When using Bitwarden, you have to click an item in the list or use the
Cmd+Shift+Lshortcut. - Safari extension. Proton Pass does not require a Safari extension. However, you do need to have both Proton Pass and iCloud KeyChain enabled in AutoFill settings.
However, this is not enough to make me switch to Proton Pass for several reasons:
- It requires a 2FA code instead of my hardware authentication device (YubiKey) during login. I would like to use YubiKey, as I do with Bitwarden and Proton Mail.
- It does not support attachments. I use a lot of them in Bitwarden.
- It does not support organization vaults, or at least I couldn’t find any information about it.
- It is still quite new software, so maybe it is worth waiting for a while.
- Although I have some confidence in Proton, Bitwarden mentions GDPR, Privacy Shield, HIPAA, CCPA, SOC 2 & 3, and other third-party security audits on their website. I couldn’t find more than https://proton.me/blog/pass-open-source-security-audit for Proton Pass. Is this enough?
I will wait and see how Proton Pass develops. It may be a good alternative to Bitwarden in the future, especially for those who have a Proton plan that includes Proton Pass.