This community is reportedly official, but I see no activity of the Proton Team here :(
Can the Proton Team comment on this test?
Source article:
Edit:
I am not associated with any tested company or this blog.
I am an ordinary user of all Proton products since his birth and I love him.
Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.
I am aware that the test may be a product promotion, but the question is: can the threat be real for the Proton Pass?
This reads just like a paid promotion. Whenever I see a table above where one product is all ticks, it’s usually being shilled right?
That was my immediate thought. Especially when the article has a section near the top dedicated to talking just about it.
It says Keeper 9 times.
Proton 4, bitwarden 2, Nord 4, 1password 3, Last Pass 2, Dashlane 3.
Keerper with forcefield was the only one with a hyperlink to their website.
Theres not real methodology behind their testing procedure beyond a CMD output for each and “Keeper” shows “access denied”
Even if it is an advertisement, can the threats be true?
Theoretically, but it also seems the attack vectors require malware to be installed on your computer which already means your security is compromised.
deleted by creator
I am not associated with any tested company or this blog.
I am an ordinary user of all Proton products since his birth and I love him.
Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.
I am not associated with any tested company or this blog.
You didn’t think of using the regular support channel from Proton themselves?
Why post it on an online forum that doesn’t claim to be official, expecting an expert from Proton to reply to you?
How do you figure it looks credible? It looks like an advertisement from miles away.
Looks legit
You won’t find official Proton staff in the fediverse. They don’t like getting piled on for their CEOs statements so they pulled up stakes rather than try to fix the mess.
People were outsized dicks and Proton was enormously dismissive. Sometimes both groups can be wrong.
Reads a bit like an ad, and doesn’t look into self-hosted KeepassXC, which is also memory safe.
I don’t trust any online password managers anymore. Too much juicy data collected in one place, too many intermediaries all doing the right thing to rely on. And as the link I posted says, if the attacker has malware on your machine already, memory safety is a final defence but you’re likely already compromised.
Not even Bitwarden?
The table doesn’t mention independent security auditing, which in my mind is more important than most of the items on the list.
Our product you’ve never heard of is safer than the ones from well-established brands. Trust us.
The memory protection attempts on keeper versus the rest seem pretty legit.
The online protection is legitimate although if you’re required to do an online auth before you unlock a vault that means you have no ability to unlock your vault if you’re not online. So if you were having internet problems you might not be able to get into your router. Personally I think 2FA or yuby key is more than enough for that to allow offline authentication.
The claim of browser extension protection is a little nebulous. They specifically call out a single memory related browser feature and say that no one else checks against any browser extension attacks.
The whole document is definitely marketing slop but it’s not without some truth. Yeah, you can read unlock vaults through other programs. But you can also keylog from other programs, do 2fa interception attacks.
They’re putting a f*** ton of marketing out there to the point it’s hard to find articles that aren’t biased. Almost nothing out there even talks about the cons of the being significantly more expensive than the rest. What I was able to find with user reviews as their autofill is wanting, trying to put credit cards into web pages is inconsistent at best. And most places that compared them even against bitwarden shows bitwarden handily over usability issues
Honestly, I think using a zero knowledge password manager with built 2FA is sufficient enough right now.
Don’t make claims you can’t backup with evidence.
Keeper’s Browser extension is/was trash. Recently it had a bug where, on some websites, it’ll kept pasting my MFA token in every single number field on every page for the website, long after authentication finished.
It’s “community-supported”, meaning they have nothing to do with it. They don’t care about private or free platforms.
If you rely on a third party of any kind it’s not safe and should be tested that way.
