Proton AG, the Swiss security firm notable for its end-to-end encrypted email offering, today announced an enhancement to its Pass password manager software called Sentinel.

The feature prevents attackers from getting access to users’ data even if they have stolen Proton account credentials. The company claims this is a unique feature, and that’s likely a valid claim, based on using Pass and many of its competitors.

Sentinel offers a range of protective features, including continuous automated monitoring and then flagging any suspicious login attempts. These attempts are then challenged by the system, even if they were using the correct account credentials. Customers can track these events in Pass’ security logs (below) that numerate all security events on an account.

Sentinel was originally designed to protect high-profile customers who may be at greater risk of cyberattacks, such as politicians, executives, journalists and political activists. It has blocked more than 3,000 account takeover attacks since it was introduced in limited release back in August.

Password managers have had a spotty history with various breaches. LastPass has had many, starting in 2014, with email account addresses stolen in 2015, a zero-day flaw in 2016, a browser plug-in issue in 2017, and problems in subsequent years as well. Both LastPass and 1Password have had flaws that were revealed when a fake Google app tricked those customers into revealing a password back in 2020.

Proton Pass is a relatively new product in the company’s encryption lineup, so it has avoided this history. But the timeline isn’t the only thing in its favor: It also inherits a careful security philosophy that encrypts all data, not just the username and password, which goes beyond what some of its competitors offer.

It performs all cryptographic operations locally, rather than in the cloud, so all data is encrypted when in motion, and no data is shared with any third parties. It also doesn’t have access to any customer encryption keys.

One weakness is in how Pass imports existing password vaults into its system: It comes with 15 different import routines for many of its major competitors but didn’t include the one that I use (Zoho Vault), which required exchanging a few emails with its support team to iron out my problems.

Starting today, any customer with paid Proton Pass accounts can enable this feature, which is just a simple toggle switch on its security menu. The company says the new service addresses the “one threat that other password managers can’t do well, being fooled by fraudsters.”

Images: TBIT/Pixabay, Proton