Proton

5076 readers

210 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago

MODERATORS

ProtonPrivacy@lemmy.world

alex_herrero@lemmy.world

Nelizea@lemmy.world

is it ok to store bank data in proton pass? (programming.dev)

submitted 1 year ago by prwnr@programming.dev to c/protonprivacy@lemmy.world

3 comments fedilink hide all child comments

I’m using proton services and now the Pass password manager as well. I never let any managers save my bank data such as credit cards or login credentials being sort of afraid to.

Is this concern still valid? when using a manager like Proton Pass that has e2e encryption? what’s your opinion on holding bank data in managers like this?

top 3 comments

sorted by: hot top controversial new old

[–] kia@lemmy.ca 2 points 1 year ago

I generally trust Proton products.

As a side note, you should never use any non e2e encrypted password manager.

[–] ddnomad@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

As a rule of thumb, do not put all your eggs into one basket. No software is infallible and vulnerabilities can be uncovered and exploited in both open and closed sourced applications.

That’s being said, as long as you don’t store all information necessary for a successful login in your password manager, you should be fine.

So storing credentials for your bank account is fine, as long as it is also protected by MFA and you do not use the same password manager for handling that.

You can store PIN codes from your debit cards in the password manager as long as you do not store card number / expiration / CVV2 there too.

Personally, I keep passwords in a password manager, MFA tokens in a separate authenticator, MFA recovery codes go to FIPS 140-2 certified encrypted USB sticks (3 separate copies). I do store debit card PIN codes in my password manager, but only alongside the last 4 digits of the card number.

[–] Varen@kbin.social 1 points 1 year ago

It‘s e2ee and open source, so I‘d be not concerned regarding Proton‘s side.

Keep your Account safe, your passwords long and complex and use 2FA sort of things and you should be fine, I‘d say