How can we improve ProtonMail?

Yubikey as a second factor authentication

It would be good to integrate protection with Yubikey for 2-factor authentication. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.

1,555 votes
olivier shared this idea

    62 comments

      • Tom commented  · 

        @olivier - Can you edit the title to be FIDO U2F, instead of just Yubikey ?

      • Jan commented  · 

        Yubikey & Trezor – U2F in general.

      • James commented  · 

        This is essential. If there is not at least an official response on this within the year, I will be canceling my subscription.

      • Nick commented  · 

        Please add U2F!

      • dyna commented  · 

        Please add support for U2F with Yubikey

      • bcm commented  · 

        I am pretty surprised that a secure email provider has not implemented FIDO U2F to improve user security. It is relatively easy to integrate and the benefits are self-explanatory. Please get it done soon before adding other new features that have nothing to do with security or privacy.

      • Anonymous commented  · 

        Any updates on this? Would be super nice if we see U2F support soon.

      • Anonymous commented  · 

        Please add Fido U2F so I can use my Ledger Nano S for login.

      • Anonymous commented  · 

        FIDO U2F is the one thing holding me back from actually using this as a secure email service. And I'd even pay for a premium tier for this support. Instead, without hardware 2FA, it's just another novel email account for me like my old hacked yahoo account.

        Software only authenticator is not a viable solution for someone with multiple mobile devices that change frequently due to work. I don't know when I may get a new device and lose access to my old one, so an authenticator that is tied to a phone is just asking for me to lose access to my email.

      • Anonymous commented  · 

        Please add support for Yubikeys. Preferably U2F mode, but YubicoOTP will work too.

      • Anonymous commented  · 

        Seems like "no answer" after over half a year on the subject is answer enough. Pity the forum support is that disconnected from the userbase already. U2F shouldn't take that long to implement.

      • Anonymous commented  · 

        2FA is a strength of ProtonMail, particularly not implementing it via SMS, but relying on software authentication. However, situations may arise when the user is attempting to access email from a new computer and does not have a software authenticator available. Or the user desires the extra security of a physical key. U2F FIDO support through a hardware key seems like an ideal way of implementing this feature.

      • Anonymous commented  · 

        I recently bought a yubikey and would love to use it with protonmail. Thank you

      • Michael Mauldin commented  · 

        Proton Technologies: Please add hardware U2F, such as YubiKey, for better security. I am not a paid user because of the absence of this feature. If you disagree with this request, please make a public statement. Many users of ProtonMail have stated since 2015 that they desire such a feature. Thank you.

      • Vjeetn commented  · 

        PLEASE add Yubikey integration. I have and use it anywhere where available.
        We use Protonmail because it is secure. Yubikey integration is mandatory to make it even more secure.
        I don't need a paid account right now but Yubikey integration could help me make the decision to go pro.

      • Markus Hochholdinger commented  · 

        +1 for U2F support (have Trezor) - living up to your own high security standards

      • Anonymous commented  · 

        This is definitely a preferred way to use 2FA. Having U2F support for security keys would be amazing.

      • Adam Lewis commented  · 

        What folks need to realize is that OTP is still a password, and as such is still vulnerable to man-in-the-middle / phishing attacks. Google realized a long time ago that a one-time-password can be phished just as easily as a long lived password, and swapped for a long-lived bearer token (i.e. cookie). FIDO / U2F / UAF / WebAuthN is resistant to phishing / MitM. In addition to U2F/WebAuthN in the browser - would also like to see UAF for the mobile app, utilizing private key in the TEE/SE + biometric/PIN to unlock. PayPal, BoA and AliPay all do this today.
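
Added example, not part of the thread or of any commenter's post: a simplified model of the relying-party checks behind the comment above, showing why a relayed one-time code still verifies while a U2F/WebAuthn-style assertion does not. The origins, the secret and the reduced `clientData` layout are constructed assumptions; real U2F/WebAuthn signs more fields than this model does.

```javascript
// Added example: a simplified, constructed model (not ProtonMail or FIDO library code).
const { createHmac, generateKeyPairSync, sign, verify, randomBytes } = require('crypto');

const RP_ORIGIN = 'https://mail.example';          // hypothetical legitimate site
const PHISH_ORIGIN = 'https://mail-example.test';  // hypothetical look-alike site

// OTP (RFC 6238 TOTP, SHA-1, 30 s step, 6 digits): the code carries no origin.
function totp(secret, timeMs) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(timeMs / 30000)));
  const mac = createHmac('sha1', secret).update(counter).digest();
  const off = mac[19] & 0x0f;                       // dynamic truncation (RFC 4226)
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, '0');
}
function serverVerifyOtp(secret, code, timeMs) {
  return code === totp(secret, timeMs);             // nothing records where it was typed
}

// U2F/WebAuthn-style assertion: the browser puts the origin into the signed data.
const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
function authenticatorSign(challenge, originSeenByBrowser) {
  const clientData = JSON.stringify({ challenge, origin: originSeenByBrowser });
  return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
}
function serverVerifyAssertion(expectedChallenge, { clientData, signature }) {
  if (!verify('sha256', Buffer.from(clientData), publicKey, signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(clientData);
  if (challenge !== expectedChallenge) return 'bad-challenge';
  if (origin !== RP_ORIGIN) return 'wrong-origin';
  return 'ok';
}

// The same login, made directly and via a page that forwards what the user enters.
function demo() {
  const secret = Buffer.from('constructed-shared-secret');
  const now = 1700000000000;                        // fixed, constructed timestamp
  const challenge = randomBytes(16).toString('hex');
  const relayed = authenticatorSign(challenge, PHISH_ORIGIN);
  const tampered = { ...relayed, clientData: relayed.clientData.replace(PHISH_ORIGIN, RP_ORIGIN) };
  return {
    otpRelayed: serverVerifyOtp(secret, totp(secret, now), now),   // true: code is origin-blind
    u2fDirect: serverVerifyAssertion(challenge, authenticatorSign(challenge, RP_ORIGIN)),
    u2fRelayed: serverVerifyAssertion(challenge, relayed),         // origin mismatch
    u2fTampered: serverVerifyAssertion(challenge, tampered),       // edit breaks signature
  };
}
```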

      • Adam Lewis commented  · 

        This is a no brainer - especially with most major browsers (Chrome, Edge, Firefox) all committing to support #WebAuthN. Chrome already has U2F support and FF Quantum now has WebAuthN enabled. PLEASE PLEASE PLEASE make this an option. As other posters have stated, this is something I would pay money to use!
