ProtonMail, the Swiss messaging service known for its encrypted service, has just released the full source code for its password manager. A fine proof of its commitment to safety and its transparency.
This new initiative is quite remarkable. After going through a slightly complicated period, the company has chosen to show its credentials for this time. The initiative to publish the source code of Proton Pass is clearly an outstretched hand to its users to build their confidence.
Open-source Proton Pass
This password manager integrated into the service offered by the company is a little more robust than a classic manager. It can obviously generate secure passwords to make logging in easier. Proton Mail also presents it as an “identity manager”. It is indeed able to create unique email address aliases so that your real address is not known or traced on the Web. In this way, if there is a data leak by a third party site, it cannot be used as a target.
This decision to switch its manager to open source will allow anyone to be able to inspect the code in order to verify that Proton is respecting its commitments, and that its applications are working while respecting them. A gesture to be welcomed in a context where data theft is more and more frequent.
An independent audit requested in parallel
Not everyone has the skills to inspect source code. This is why Proton Mail has commissioned a German company specializing in cybersecurity audits to scrutinize the applications integrated with Proton Pass. The company in question, Cure53, has reviewed it extensively: APIs, mobile apps, and browser extensions.
The audit report concluded that Proton does things seriously. Proton Pass presents a level of security considered satisfactory, but some aspects would deserve additional attention and modifications. All identified issues were resolved immediately by Proton, except for one, but this one is due to a limitation imposed by the Android OS.
Even though its service isn’t perfect, there’s no denying that Proton takes the safety of its users seriously. His desire for transparency is clear. First, it benefits the business when it comes to fixing potential problems. Proton has indeed developed a bug tracking program through which anyone can help identify vulnerabilities. Second, people who use email can be reassured about the healthy operation of the services offered by the company.
Download
- Two passwords to enhance security
- Programming the destruction of a message after reading
ProtonMail excels at message security. However, the degree of security brings certain constraints. It will not be possible to retrieve emails via POP, nor to configure ProtonMail on an external client.
ProtonMail excels at message security. However, the degree of security brings certain constraints. It will not be possible to retrieve emails via POP, nor to configure ProtonMail on an external client.
Sources: Proton, Ghacks
7