Yubikey as a second factor authentification
That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.
Hardware based second factor authentication token is huge for security. I would love this feature more than anything else.
Absolutely a top priority as far as I'm concerned.
Someone called my attention on another hardware key that has also an open source hardware.
I can not judge if it is better than Yubikey or not.
What Ken said: "Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then."
U2F support would make all the difference in the world for me. It fits my security model in ways that 2FA cannot. I travel internationally and I often change phones, so any 2FA method that relies on me having an app on my phone (SMS, Authy, etc) can fail me at critical times.
As a result, anytime I travel out of my home country, I have to disable 2FA on my PM account -- and that's exactly the worst time to have to do that.
I understand that U2F would take some (but not much) time for you to implement, but as a paying customer I would greatly appreciate it.
Thanks for your time.
PM were asked time and time again about Yubikey on the blog post that announced 2FA. No Yubikey and not even a comment about why not.
Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then. Also, phones can be attacked remotely (see recent Wikileaks revelations). Much harder to do that with Yubikey.
But like I say, PM wont even comment. Dunno why.
If you're listening PM, PLEASE DEVELOP YUBIKEY SUPPORT. Pretty, pretty please.
El Murcielago commented
Proton could raise funds and increase security by offering (for sale) to users credit card sized electronic one time pads for 2FA. Many banks are using them, currently. BOFA charges $11.00 US. (a one time fee) is there anything more secure than a one time pad?
I do not know who produces these cards. Pretty sure they are not open source, either lol.
Enrique Quero commented
Need that -.-
I need this too. with fido u2f support or Yubico OTP.