Has anyone found a compelling use case that would justify using Proton Pass along with 1Pw?

Tburgueso
Community Member
edited September 2024 in Lounge

I’ve been using 1Pw for years, and have a deep investment in that. I’ve also been using Proton’s VPN and Email services for years. They’ve just released their own password-keeper. Have any members of this highly-opinionated and educated community examined the idea of adding the new Proton Pass (and their Wallet, which is coming real soon now) to their continued use of 1Pw? Use cases, real or hypothetical, would be interesting.



Comments

  • Tertius3
    Community Member

    Proton seems a decent company, so I see no general reason that forbids their use.

    You need to compare features and scenarios to see which one is the best for you. There are not only the shiny frontends and apps to compare, but the backends (cloud, storage, security concept and practice in general) as well.

    Personally, I prefer dedicated separate services for important functions. Don't put all your eggs into the same basket, because if the basket breaks, all eggs break.

  • Tburgueso
    Community Member
    edited September 2024

    I’ve been completely satisfied by my use of 1Pw and of Proton’s VPN and email over the years, and have no intention of dropping either; my interest is if there are use cases that are interestingly useful that combine the use of both password keepers. The only thing I’ve thought of so far is that Proton’s password manager is capable of generating anonymized email addresses that are forwarded to Proton email inboxes, in cases where you don’t want to give commercial entities of unknown integrity a real email address in order to reduce spam, spoofing, and phishing. That’s been spun off into SimpleLogin and generalized to decouple the function from Proton Mail accounts, but it’s part of the Proton toolset, and it’s not (at the moment) built into 1Pw. The tradeoffs, at least as they appear to me today, are that 1Pw is better integrated with the browsers available across a wide variety of platforms, including Linux, and that Proton Pass is better integrated with their own email services.

  • Tertius3
    Community Member

    My email address is about 25 years old, and I have always used this one without any anonymizer in all that time. No problems, no desire to change it, no need for an anonymizer. Everything that might happen to an anonymized address might happen to the real address as well. I don't see the significance in using an anonymizer. It's another service that has an attack surface and creates additional work if it fails. The benefits are not convincing. So this would not be an argument for me to use a service that also offers email anonymization.

  • Tburgueso
    Community Member

    How lucky for you! When I was traveling globally teaching software engineering classes, starting in the early 1990s, AOL was the only service where I could be assured of being able to dial an access modem number wherever in the world I was, and that address is still in use — along with seven others, all of which I prefer. The AOL address gets between 150 and 300 unwanted emails per day. The spam filtering is almost perfect, but a false positive happens once every three weeks or so, and has to get dug out of the multi-level spam filtering I use and re-trained as good. False negatives, where I have to manually train the spam filter on a junk message that’s gotten into my mailbox, happen about every two weeks. All of this takes brain cells that I’d rather be spending on other purposes.

  • @Tburgueso

    I think that @Tertius3 has made some good points. Obviously I'm biased here, but I'm also not sure about having one account that is linked to multiple mission-critical services like email and my passwords; I like to keep important things siloed just in case. For example, it's why I pay for Fastmail even though my iCloud+ subscription includes email service.

    In general, I always advise that you choose one password manager and stick with that whether that one password manager is 1Password or another service. Trying to use multiple password managers at the same time usually just creates confusion with:

    • Duplicate entries stored in different places, which can lead to outdated passwords that prevent you from signing in.
    • Conflicting and overlapping UI elements like buttons and menus.

    > The only thing I’ve thought of so far is that Proton’s password manager is capable of generating anonymized email addresses that are forwarded to Proton email inboxes, in cases where you don’t want to give commercial entities of unknown integrity a real email address in order to reduce spam, spoofing, and phishing. That’s been spun off into SimpleLogin and generalized to decouple the function from Proton Mail accounts, but it’s part of the Proton toolset, and it’s not (at the moment) built into 1Pw.

    1Password offers something similar if you have a Fastmail account: Use 1Password to create and manage Masked Emails in Fastmail

    I believe that SimpleLogin has their own browser extension that you can use separately from Proton Pass; that might be an option for you. That being said, a few folks have asked for SimpleLogin integration to be included in 1Password and I'll let the team know that that could help your use case as well. 🙂

    -Dave

    ref: PB-42582456

  • Tburgueso
    Community Member
    edited September 2024

    First of all, I should clarify that my question was in the nature of a thought experiment, rather than my attempt to find a solution to a real current problem. Second, I’m completely on board with the basic idea that info shouldn’t be stashed in multiple hidey-holes. As I used to tell the ducklings in my classes, “Two things are only identical if they’re not two things.” That said, our industry has a sad history of useful tools that have been weakened by the lack of development resources, orphaned, compromised by bad actors or hostile commercial pressures, or otherwise made useless by a changing world. Thus, redundancy is also a worthy goal, as is the strategy of periodically made encoded snapshots stored in standardized interchange formats. 1Pw’s support for builtin 2FA and passkeys, its solid implementation of its more foundational functions, and its almost equivalent support across platforms (thanks again for maintaining Linux support) have made it my choice for years, and I’m not inclined to get distracted by a pretty young ankle just because it’s new. But the world of the Internet is no longer a friendly place. In fact, I was working in a DECNet R&D group before the specs for TCP and UDP were even finalized, when the term “Internet” was assumed to mean the ability for IBM, DEC, Bull, and Honeywell systems to share information, and at a point where permitting access to remote resources and lowering the thresholds for finding and using them was the holy grail. Not today’s world at all… The use of anonymous email-based credentials seems to me one part of an ever-changing security environment that is necessarily based on an assumption of mutual distrust. I’m not sure that this feels like progress.

  • @Tburgueso

    I'm happy that you're sticking with 1Password. I do agree that masked emails (whether through Fastmail or SimpleLogin or some other provider) make sense in today's world. Even if the provider that you're using is trustworthy, they could experience a breach that leaks your email address to the world. By using a masked email alias, you limit the exposure and can always block and generate a new masked email alias.

    If you're interested, a few years ago our podcast had a discussion with the CTO of Fastmail that touched on this topic: Email Alias Rabbit Hole with Ricardo Signes from Fastmail | Random but Memorable

    -Dave

  • JAC3467
    Community Member

    I guess one comment I'll make regarding using a second password keeper (of sorts) is for one-time passwords. That is, two-factor authentication codes. I know 1Password supports these and having everything in one place makes some sense. And on the other hand it does not.

    Having all the credentials in one place for critical accounts is probably not the best practice and one could make a pretty good argument that having the second authentication factor someplace else is a good idea. To that end I've long used an authenticator app and that's worked fine. As a Proton subscriber I now could use Proton Pass for that purpose, and to add, since all my gadgets are Apple, I now have a basic password manager available there too which does support one-time passwords.

    So I'll migrate off my authenticator app at some point; as far as storing username/password credentials in multiple places, no plans to do that.

    -Joe

  • Tburgueso
    Community Member
    edited September 2024

    At this point, I’ve migrated all but two OTP 2FA tokens from Authy to 1Pw except the token for 1Pw itself, and for one banking site which is an Authy-only 2FA site. (At least they didn’t commit to Google.) Authy, however, has dropped support for their desktop apps, and they don’t have a web-app; only the apps for portable devices are supported, so copy/paste is no longer possible on a Mac or Linux machine. That copy/paste functionality is one of the strong points of the 2FA OTP support built into 1Pw; it’s available uniformly, desktop and portable device apps, and the web-app interface.

    The sites that really tick me off are the ones which send 2FA codes in clear text by email as their only choice. Depending on where I am in the world, it can take long enough to see the email in the mail provider’s webmail interface that the validity of the code has timed out. In addition, one of my French bank accounts limits all passwords to a 6-digit number; no stronger choice available. They claim it’s secure because every time the numeric keypad is displayed on the website, the position of the keycaps is randomized, but they are unresponsive to any request to implement any sort of OTP 2FA technology.

    By the way, as I understand the technology, an OTP generator is safe to keep stored with other credentials because a captured OTP can’t be used to predict the next OTP in the sequence without knowledge of the token, so the window of vulnerability is limited to a (usably) short time. Anyone from 1Pw care to comment on that? How about a comment on the vulnerability of using the OTP generator through the web-app interface? I won’t always have the ability to get to the 1Pw web-app through a VPN tunnel if I’m in an Internet cafe, for instance.