Yubikey as a second factor authentification
That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.
Please add U2F that would also support other devices, not just Yubikey.
Paul Rangel commented
Adding support for FIDO U2F would be great!
Bjarne H. Nielsen commented
I would also like to see this feature implemented.
That said, it is possible to use (some?) Yubikeys as TOTP tokens for 2FA (the token will need both a display and a timesource, which is why it needs to be connected to your phone or (possibly another) computer while authenticating).
Please add support for U2F as soon as possible!
Edward Huff commented
SMS as 2FA is totally insecure because SMS can be redirected. You should mark it deprecated and scheduled for removal. Standard hardware tokens should be supported.
It would be really nice to have yubikey for 2FA. This would most certainly be a plus given that I use Yubikey to access my clients.
Please, yes, - I would love to enable 2FA for this account, but the process, compared to my usual Yubikey solution, is an absolute PiTA. - I realise that Yubikeys have to be purchased, and that they are not cheap, either; but, that said, you cannot beat just being able to authenticate yourself with a simple button press; quite aside from Yubikey being very secure (arguably more secure, in fact, that email or mobile handset solutions).
+1! @protonmailteam if you don´t want to implement that feature for "reasons" please explain them.
Craig Mcgee commented
oh god!! yes!! please! yubikey is so much easier than google authenticator especially as im totally blind and having to listen to both iPhone and computer to enter the code.
OTP apps don't provide a second factor if the user is accessing their account on mobile. That's like running the OTP app on a desktop environment when accessing the account from a desktop computer. Yubikey is the best answer to this. It's a true second factor.
Also, if I'm travelling, it might be that I am asked, e.g. by border guards/security, to give access to my phone. If I have my app there, it will reveal the existence of my Protonmail account. This means I have to remove that before I travel. Yubikey would not reveal that I have a Protonmail account.
Yubico have good details for developers implementing U2F support here : https://developers.yubico.com/U2F/Libraries/Using_a_library.html
Michal Bednarski commented
Please add it
I would love to see support for Yubikey added too please!
i need protonmail to have Yubikey support too, it would be more convenient
I'm very excited about yubikey and I can't wait when it gonna be in protonmail. Secure and so convenient. Please add it...
Hardware based second factor authentication token is huge for security. I would love this feature more than anything else.
Absolutely a top priority as far as I'm concerned.
Someone called my attention on another hardware key that has also an open source hardware.
I can not judge if it is better than Yubikey or not.
What Ken said: "Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then."
U2F support would make all the difference in the world for me. It fits my security model in ways that 2FA cannot. I travel internationally and I often change phones, so any 2FA method that relies on me having an app on my phone (SMS, Authy, etc) can fail me at critical times.
As a result, anytime I travel out of my home country, I have to disable 2FA on my PM account -- and that's exactly the worst time to have to do that.
I understand that U2F would take some (but not much) time for you to implement, but as a paying customer I would greatly appreciate it.
Thanks for your time.