Please implement this as soon as possible, do you have any dates for its release?

This is a massive security oversight. Please release this!

I’m planning to buy two security keys to secure my account, and I’d really like to be able to use them without needing a 2FA authenticator app. It would be fantastic if there was an option to rely solely on security keys for two-factor authentication.

Halfway through 2025 and this still isn't added

Não faz sentido poder utilizar security keys sem poder desabilitar o método 2FA por aplicativo autenticador... Comprei 3 chaves YubiKeys e foi frustrante saber disso no momento da configuração.

Yes, please.It would be a gamechanger ... in office too.

Please proton !

Yes, please.

I can't agree more!

"JD commented · March 13, 2024 9:56 PM ·

The requirement to have TOTP enabled is pointless and annoying for another reason I discovered today - if you want to switch TOTP apps and you can't extract the secret keys directly (most TOTP apps don't allow this) then you have to delete all your security keys just to get a new TOTP code.

Why? So annoying. "

With regard to TOTP keys.... Aegis & Proton Pass both allow you to see & extract the secret keys, in order to add them to a different authenticator if you so wish. What you are saying is true with regard to the Yubico authenticator (once key is saved, you can no longer see/extract).

Currently im using Proton Mail as a personal email service, but in my previous workplace we've been using Proton as a corporate email and since our organization was very security concious, this was a huge deal for us (every employee had a pair of Yubikeys, but we didnt want them to use TOTP)

Agreed, take how Apple implements Security keys as an example of how this should work.
You need at least two to even turn on U2F, and then OTP and other methods like SMS are shut off when you do with the exception of password/account recovery.
Having plain old TOTP as a plain old signin MFA and not at most a recovery method where I’m notified of login attempts alongside security keys should not be a thing it nullifies the added security.
Google also does similar if you opt in to their “advanced protection program”.
The largest players in the industry seem to be in agreement, that this is how security keys should work; They should be your only MFA.

I would rather use my yubikey alone . please implement this, just require two keys.

The requirement to have TOTP enabled is pointless and annoying for another reason I discovered today - if you want to switch TOTP apps and you can't extract the secret keys directly (most TOTP apps don't allow this) then you have to delete all your security keys just to get a new TOTP code.

Why? So annoying.

Security keys still don't work on the Android App...

Surprised that I couldn't disable TOTP now that I have the security keys. Please fix

I agree with this proposal. It would be great to be able to remove the TOTP code and just rely on my security keys for login.

I noticed that you can only use a security key as an alternative or additional 2FA methode. Could you make it possible to just use a security key.

The current state of affairs is *very* questionable. Prioritize this.

Having this option would make sense in case user own TWO security keys.
Furthermore, please implement FIDO2 password-less login.