Allow **only** using security keys as 2FA
I was very excited to see that security key support was added! Please now allow me to disable the authenticator app -- I only want my hardware keys as my second factor.
I noticed that you can only use a security key as an alternative or additional 2FA method. Could you make it possible to just use a security key?
The current state of affairs is *very* questionable. Prioritize this.
Eros Comin commented
Having this option would make sense in case a user owns TWO security keys.
Furthermore, please implement FIDO2 password-less login.
100% agree. Using a security key without being able to disable the auth app makes the account less secure, as you now have one more attack surface. Quite questionable decision for such a “security focused” company.
Pete Pete commented
I would like to switch off the authenticator app and leave only my security key.
Having authenticator apps makes no sense if you have security keys.
I'm guessing that there are some users who would like to have both, but for me it's more secure to disable the app auth.
Just added my two security keys and was surprised that I couldn't disable TOTP. Please fix it.
Richard O'Neill commented
Requiring TOTP to use a YubiKey is a terrible security and privacy implementation. It needs fixing. If the issue is worry about account locking, why not just require 2x security keys to disable TOTP?
Rahul Rana commented
If you really care about security and privacy, you must allow choosing only a hardware key for 2FA.
I wish it could be possible to choose to have only hardware key 2FA.
[Deleted User] commented
I wish Proton would let me use physical keys to access all Proton iOS apps. If we are forced to use authentication codes, how can I stop using Bitwarden? I currently store all of my keys in Bitwarden and log in to Bitwarden using my physical key. I can’t store my keys in Proton Pass and still log in to Pass!!!
Would be great to see them go beyond this and allow the use of WebAuthn or passkeys as a passwordless authentication method.
I would like to see security key support also. Proton could sell its own brand of security keys that are FIDO2 compliant and FIPS certified to compete with Feitian and Yubico.
The fact that in order to have security key 2FA you need to also enable TOTP is terminally stupid.
So you use an auth app for codes? Why not use your hardware key for that job as well?
My YubiKeys are both my hardware tokens and my authenticators.
I even added my Flipper Zero as a hardware token.
Just change away from the random app you are using and go to.
Agreed - the security is as good as the weakest link in the chain (in this case TOTP, which is susceptible to a man-in-the-middle attack).
Agreed - it seems bizarre to support a high security feature yet force us to maintain a weaker second factor.
I suspect they are concerned about users getting permanently locked out of their accounts when they lose their security keys.
It should be noted that iCloud now supports security keys only... and Google has done so for a while.
I did note when installing a new Proton VPN client the other day that only TOTP was available; it didn't support security keys. So maybe they are still adding support into their software.
Proton User commented
Agreed - TOTP is susceptible to a man-in-the-middle attack.
There is an option to use either a hardware/passkey security key or TOTP when logging in via the web interface, but there's no option to use a security key from the iOS app.
Updoots here, was about to post the same thing. It's dumb and incredibly frustrating that we take good steps in terms of security and then hamstring them with arbitrary restrictions.