One of the features seems to be a "hide my email" feature, akin to Apple's hide my email or Fastmail's masked email feature.
Having used both of those, I would say one downside is that occasionally, a site will detect that I used the Apple one, which is strange because it's just an iCloud email address. Perhaps they're looking for a specific pattern.
I haven't yet seen the Fastmail one blocked.
One concern with the Proton one is that it seems like its masked emails are all at passmail.com. I've already found some sites block protonmail, so they'll surely block passmail like they do Mailinator and other sites. That could be a limitation that's less likely to affect Fastmail's service.
I've been using bitwarden for the past few years and I've been pretty happy with it. I have proton unlimited though so I figured I'd try it out.
It looks nice but there is some functionality missing. No categories. Can't store credit card info. Session locking only has the option to relogin with a pin code and not full password or even 2FA.
There is still some work to be done here for sure.
I like BitWarden, but I'm not 100% sold on cloud-based solutions. The encryption is probably fine, but is the whole payload? Also, I'm torn between "big" and "small" password managers.
A small one is less likely to be targeted. A big one will probably have more security infrastructure/employees.
One bummer with BitWarden is that the UI just isn't very good. For example, you can't select more than one item in the desktop electron app.
I agree that the bitwarden UI isn't very good on the desktop app and in the browser extension. I don't even use the desktop app at all anymore. One positive for protonpass is that the ui is looking pretty streamlined and it feels fast. I think for just the endless regular internet accounts either is fine.
It's a fair point about small vs. big. I mean security by obscurity doesn't really seem like a strong point for small, but who knows. I think higher value targets will always end up using the bigger ones anyway.
Important stuff (banking/development secrets) maybe use something like gpg based and offline like https://wiki.archlinux.org/title/Pass or the Qt frontend https://qtpass.org/.
If only banks had meaningful security themselves.
Ultimately I'm less worried about banks, because all of that stuff can be reversed. Banking is almost designed with the idea that you'll be compromised.
I'm more worried about losing all my important files.