How can we improve ProtonMail?

Yubikey as a second factor authentification

That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey.

202 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    olivierolivier shared this idea  ·   ·  Admin →

    9 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • AnonymousAnonymous commented  · 

        Hardware based second factor authentication token is huge for security. I would love this feature more than anything else.

      • DaggerDagger commented  · 

        Absolutely a top priority as far as I'm concerned.

      • m4kom4ko commented  · 

        Someone called my attention on another hardware key that has also an open source hardware.
        I can not judge if it is better than Yubikey or not.
        https://www.nitrokey.com

      • AlanAlan commented  · 

        What Ken said: "Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then."

      • Anonymous commented  · 

        U2F support would make all the difference in the world for me. It fits my security model in ways that 2FA cannot. I travel internationally and I often change phones, so any 2FA method that relies on me having an app on my phone (SMS, Authy, etc) can fail me at critical times.

        As a result, anytime I travel out of my home country, I have to disable 2FA on my PM account -- and that's exactly the worst time to have to do that.

        I understand that U2F would take some (but not much) time for you to implement, but as a paying customer I would greatly appreciate it.

        Thanks for your time.

      • KenKen commented  · 

        PM were asked time and time again about Yubikey on the blog post that announced 2FA. No Yubikey and not even a comment about why not.

        Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then. Also, phones can be attacked remotely (see recent Wikileaks revelations). Much harder to do that with Yubikey.

        But like I say, PM wont even comment. Dunno why.

        If you're listening PM, PLEASE DEVELOP YUBIKEY SUPPORT. Pretty, pretty please.

      • El MurcielagoEl Murcielago commented  · 

        Proton could raise funds and increase security by offering (for sale) to users credit card sized electronic one time pads for 2FA. Many banks are using them, currently. BOFA charges $11.00 US. (a one time fee) is there anything more secure than a one time pad?
        I do not know who produces these cards. Pretty sure they are not open source, either lol.

      • sandrosandro commented  · 

        I need this too. with fido u2f support or Yubico OTP.

      Feedback and Knowledge Base