What would be the recommended route for logging in to Proton Pass?
Currently I have a random string password stored in Bitwarden and autofill it whenever I need to log in to Proton. Obviously I need to remember my master password to gain access to my vault.
If I were to potentially switch over to Proton Pass exclusively, I would need to change the Proton password to something I can remember instead. I would argue it might actually reduce the security challenge for the Proton account.
Any thoughts on the topic?
A long memorable passphrase is pretty good as a master password for a password manager.
You can log in to Proton Pass (after the first time) with either a PIN for the browser extension, or your fingerprint on mobile (if your phone has a fingerprint reader). You can also make your password memorable but still very long.
AFAIK they're working on detaching Pass from the other services; until then I'll keep BW + Authy as a backup.
I agree with other comments, a long passphrase coupled with a couple of YubiKeys would be great. Even more when a separate validation for Pass comes to production. Hopefully soon.
I’m a little worried about this too… With 1Password, I’m fine with having a master password I can remember, since I know it’s only useful to an attacker if they also have access to one of my devices, or know my Secret Key. That means that a targeted, high-effort attack is necessary to get in. Proton Pass just being protected by a single password makes it way easier to run remote attacks.
You can use 2FA with Proton as well. I have YubiKeys configured, for instance.