Proton Pass is now an independently security audited, open source password manager
Privacy-centric firm Proton has announced that its password manager, Proton Pass, is now more than just open source. The company has had the code of its apps, browser extensions and APIs subjected to an independent security audit by German security specialists Cure53.
With passwords providing access to some of the most value and sensitive personal information imaginable, reliable security is essential. The auditors' assessment that Proton has a "commitment to maintaining a high-level of security" and that "the state of security across Proton's applications and platforms is commendable" will serve as helpful recommendations for anyone looking for a safe and secure password manager.
See also:
- Microsoft is working on a new reinstall feature to let you fix Windows 11 without losing files, apps or settings
- Microsoft reveals everything you need to know about Windows 11 23H2
- Unlock the new features of Windows 11 Moment 3 with the newly released KB5028185 update
Proton says that while it sees the open sourcing of its code as an important step, it recognizes that to most people code is meaningless. This is the reason behind submitting the Proton Pass code to an independent auditor, it builds on the company's strongly help belief in the scientific ethos of transparency and peer review.
In a blog post about the code audit, Proton says:
While being open source means that anybody can audit our code, not everyone has the time, technical expertise, or interest to pore over our apps' code. That’s why we also regularly commission and publish independent security audits for all our apps.
Proton Pass's code underwent a security audit by the German security firm Cure53 throughout May and June. We selected Cure53 to handle the Proton Pass audit because we wanted to ensure that Proton Pass received the most rigorous testing possible, and Cure53 has extensive experience investigating browser extensions and password managers. They tested all Proton Pass mobile apps, browser extensions, and our API.
The full report from Cure53 is available to read here, and if you're interested in scouring the Proton Pass source code, you can do so here:
More information is available in Proton's blog post here.
Pingback: July 22, 2023 - Red-N Security