How can we improve ProtonMail?

Yubikey as a second factor authentification

That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.

525 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    olivierolivier shared this idea  ·   ·  Admin →

    24 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • minarminar commented  · 

        Please add U2F that would also support other devices, not just Yubikey.

      • Paul RangelPaul Rangel commented  · 

        Adding support for FIDO U2F would be great!

      • Bjarne H. NielsenBjarne H. Nielsen commented  · 

        I would also like to see this feature implemented.

        That said, it is possible to use (some?) Yubikeys as TOTP tokens for 2FA (the token will need both a display and a timesource, which is why it needs to be connected to your phone or (possibly another) computer while authenticating).

      • IsaacIsaac commented  · 

        Please add support for U2F as soon as possible!

      • Edward HuffEdward Huff commented  · 

        SMS as 2FA is totally insecure because SMS can be redirected. You should mark it deprecated and scheduled for removal. Standard hardware tokens should be supported.

      • Anonymous commented  · 

        It would be really nice to have yubikey for 2FA. This would most certainly be a plus given that I use Yubikey to access my clients.

      • Anonymous commented  · 

        Please, yes, - I would love to enable 2FA for this account, but the process, compared to my usual Yubikey solution, is an absolute PiTA. - I realise that Yubikeys have to be purchased, and that they are not cheap, either; but, that said, you cannot beat just being able to authenticate yourself with a simple button press; quite aside from Yubikey being very secure (arguably more secure, in fact, that email or mobile handset solutions).

      • Anonymous commented  · 

        +1! @protonmailteam if you don´t want to implement that feature for "reasons" please explain them.

      • Craig McgeeCraig Mcgee commented  · 

        oh god!! yes!! please! yubikey is so much easier than google authenticator especially as im totally blind and having to listen to both iPhone and computer to enter the code.

      • RossRoss commented  · 

        OTP apps don't provide a second factor if the user is accessing their account on mobile. That's like running the OTP app on a desktop environment when accessing the account from a desktop computer. Yubikey is the best answer to this. It's a true second factor.

        Also, if I'm travelling, it might be that I am asked, e.g. by border guards/security, to give access to my phone. If I have my app there, it will reveal the existence of my Protonmail account. This means I have to remove that before I travel. Yubikey would not reveal that I have a Protonmail account.

      • JamesJames commented  · 

        I would love to see support for Yubikey added too please!

      • crypton4tecrypton4te commented  · 

        i need protonmail to have Yubikey support too, it would be more convenient

      • MikeMike commented  · 

        I'm very excited about yubikey and I can't wait when it gonna be in protonmail. Secure and so convenient. Please add it...

      • AnonymousAnonymous commented  · 

        Hardware based second factor authentication token is huge for security. I would love this feature more than anything else.

      • DaggerDagger commented  · 

        Absolutely a top priority as far as I'm concerned.

      • m4kom4ko commented  · 

        Someone called my attention on another hardware key that has also an open source hardware.
        I can not judge if it is better than Yubikey or not.
        https://www.nitrokey.com

      • AlanAlan commented  · 

        What Ken said: "Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then."

      • Anonymous commented  · 

        U2F support would make all the difference in the world for me. It fits my security model in ways that 2FA cannot. I travel internationally and I often change phones, so any 2FA method that relies on me having an app on my phone (SMS, Authy, etc) can fail me at critical times.

        As a result, anytime I travel out of my home country, I have to disable 2FA on my PM account -- and that's exactly the worst time to have to do that.

        I understand that U2F would take some (but not much) time for you to implement, but as a paying customer I would greatly appreciate it.

        Thanks for your time.

      ← Previous 1

      Feedback and Knowledge Base