Allow using ONLY security keys as 2FA
I was very excited to see that security key support was added! Please now allow me to disable the authenticator app -- I only want my hardware keys as my second factor.
-
Anon303 commented
So you use auth app for codes? Why not use your hardware key for that job as well?
My YubiKeys are both my hardware tokens and my authenticators.
Even added my Flipper Zero as hardware token. Just change away from the random app you are using and go to.
-
Miicat commented
Agreed - the security is as good as the weakest link in the chain (in this case TOTP, which is susceptible to man-in-the-middle attacks)
-
R commented
Agreed - it seems bizarre to support a high security feature yet force us to maintain a weaker second factor.
I suspect they are concerned about users getting permanently locked out of their accounts when they lose their security keys.
It should be noted that iCloud now supports security keys only... and Google has done for a while.
I did note when installing a new Proton VPN client the other day that only TOTP was available; it didn't support security keys. So maybe they are still adding support into their software.
-
Proton User commented
Agreed - TOTP is susceptible to man-in-the-middle attacks.
There is an option to use either a hardware/passkey security key or TOTP when logging in via the web interface, but there's no option to use a security key from the iOS app.
-
Bob commented
Updoots here, was about to post the same thing. It's dumb and incredibly frustrating that we take good steps in terms of security and then hamstring them with arbitrary restrictions.