Approve login request on mobile to log in (passwordless login)
Currently when I login on my Desktop through a webbrowser on a Proton web service I need to fill-in my MFA code, instead off filling in a MFA code I wou like the possibility to get a pop-up on my Phone and approve it with bio metric validation.
-
commented
Horrible idea, Get ready for MFA bombing (being spammed with prompts until you give in and click "Approve") like what happend to apple Icloud users recently if this is implemented.
push authentication is vulnerabile to social engieering attcks like this, I'ld quite posibly leave proton if they put this in.
Passkeys or FIDO2 Secutykeys would be a more secure passwordless option -
Macwin Hub commented
I've shared this article with my colleagues, and we're already discussing how to incorporate the strategies mentioned here into our practices.
https://macwinhub.com/taskbarx-*****/ -
domca.hracek+uservoice@protonmail.com commented
Being able to log in with a device (like Bitwarden does). So mobile devices (tablets, phones) have the option to turn on "login with this device", so I can log in with that device if I've already logged into the account (if want to log into my account from my friends laptop, to use this feature, you have to log into the account for at least one time). That's one of the things I need to move to Proton Pass from Bitwarden
-
Shayan commented
A notification that pops up on your phone to allow / deny a login. Way better then a password.
-
David Garcia commented
Question for those requesting this feature:
"How do you get a Login Link (to eliminate the need for a password) if you are not logged into your email?"
Personally, having a Password + 2FA is the right way for most users to proceed. If you want more security, consider YubiKey and use a physical device (you have a key for your house and another for your car, so why not have one for your online account?).
-
Incognito commented
Whenever trying to log in to Proton Pass in PC, browser you name it a an approval request sends to Proton Pass in mobile.
This future is very handy and works like 2FA (kind of! IMO) for logg in to PP on PC and browser and later on, on PP desktop app.
-
BruceL commented
I don't have the aforementioned authenticators but I can envision a text msg from proton with a six digit code to enter.
-
Rich Rice commented
Please review asap!
-
Rich Rice commented
Passwordless accounts are more secure than the password
-
Jon Miron commented
This!
It's so much more secure logging into my work computer without having to enter my crazy password.
-
Anonymous commented
I value the addition of dual factor authentication, but I find it frustrating that I have to open an app on my phone and quickly type in the relevant 6 digits before the code refreshes.
I have many such MFA apps on my phone, and my favourite by far is Microsoft Authenticator and LastPass Authenticator. The reason for this is that when I log in to ProtonMail, a push notification is sent to my phone and I simply have to press yes or no on the notification to allow or deny the login.
This is a massive time saver and I don't believe it is any less secure, because the phone has to be unlocked before the command can be given. Using fingerprint authentication, this takes a matter of seconds,
Please consider looking into this enhancement,