How can we improve ProtonMail?

Yubikey as a second factor authentification

That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.

746 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    olivierolivier shared this idea  ·   ·  Admin →

    31 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  · 

        Protonmail does support 2FA with Yubikey (TOTP). I use it all the time as long as you use a cellphone or a computer to get the time/codes. YubiKey does not support TOTP by itself so you have to use a phone or computer. It would be alot Safer if protonMail supported U2F but that I guess we have to wait for.

      • Stuart FirthStuart Firth commented  · 

        I feel Yubikey would be very beneficial.
        I work in a secure environment where mobile phones and tablets are not permitted.
        Yubikeys are permitted and are used on the corporate network to access certain areas.

      • Anonymous commented  · 

        Make your log-in page compatible with Google Chrome Trezor Password Manager. Then also use the Trezor as a U2F. Ridiculously Secure! Check out Trezor amazing U2F and awesome pw manager.

      • TomTom commented  · 

        Hope this is coming eventually, it's currently the 25th highest voted feedback item.
        When so many other websites now provide it, and Firefox now supports U2F too, I'd love to hear an official reason why this isn't even 'Under Review' ?

      • MitchellMitchell commented  · 

        Echoing that FIDO U2F would be greatly appreciated.

        I have Authenticator from phone enabled currently - however I often do NOT carry my phone, which locks me out of protonmail entirely whenever I am away from my device.

        Since I carry a FIDO U2F key any time I leave the house, this is my primary method of authentication for every other service. Looking forward to being able to access protonmail while traveling as well. :- )

      • MDTMDT commented  · 

        +3

      • Anonymous commented  · 

        I'd very much like to see 2FA support for YubiKey in challenge-response mode!! PLEASE! OTP is not going be the best option in my opinion.

      • minarminar commented  · 

        Please add U2F that would also support other devices, not just Yubikey.

      • Paul RangelPaul Rangel commented  · 

        Adding support for FIDO U2F would be great!

      • Bjarne H. NielsenBjarne H. Nielsen commented  · 

        I would also like to see this feature implemented.

        That said, it is possible to use (some?) Yubikeys as TOTP tokens for 2FA (the token will need both a display and a timesource, which is why it needs to be connected to your phone or (possibly another) computer while authenticating).

      • IsaacIsaac commented  · 

        Please add support for U2F as soon as possible!

      • Edward HuffEdward Huff commented  · 

        SMS as 2FA is totally insecure because SMS can be redirected. You should mark it deprecated and scheduled for removal. Standard hardware tokens should be supported.

      • Anonymous commented  · 

        It would be really nice to have yubikey for 2FA. This would most certainly be a plus given that I use Yubikey to access my clients.

      • Anonymous commented  · 

        Please, yes, - I would love to enable 2FA for this account, but the process, compared to my usual Yubikey solution, is an absolute PiTA. - I realise that Yubikeys have to be purchased, and that they are not cheap, either; but, that said, you cannot beat just being able to authenticate yourself with a simple button press; quite aside from Yubikey being very secure (arguably more secure, in fact, that email or mobile handset solutions).

      • Anonymous commented  · 

        +1! @protonmailteam if you don´t want to implement that feature for "reasons" please explain them.

      • Craig McgeeCraig Mcgee commented  · 

        oh god!! yes!! please! yubikey is so much easier than google authenticator especially as im totally blind and having to listen to both iPhone and computer to enter the code.

      • RossRoss commented  · 

        OTP apps don't provide a second factor if the user is accessing their account on mobile. That's like running the OTP app on a desktop environment when accessing the account from a desktop computer. Yubikey is the best answer to this. It's a true second factor.

        Also, if I'm travelling, it might be that I am asked, e.g. by border guards/security, to give access to my phone. If I have my app there, it will reveal the existence of my Protonmail account. This means I have to remove that before I travel. Yubikey would not reveal that I have a Protonmail account.

      • JamesJames commented  · 

        I would love to see support for Yubikey added too please!

      ← Previous 1

      Feedback and Knowledge Base