YubiKey? Ever? No? Hello?
The dedicated Protonmail community deserves a real response from the crack team of Protonmail scientists and engineers. When are you implementing Yubikey or are is your tag line just bs?
"We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. This is why we created ProtonMail, an easy to use secure email service with built-in end-to-end encryption and state of the art security features. Our goal is to build an internet that respects privacy and is secure against cyberattacks.
We are committed to developing and widely distributing the tools necessary to protect your data online. Our team combines deep mathematical and technical knowledge from the world's top research institutions with expertise in building easy to use user interfaces. Together, we are building the encrypted communication technologies of the future."
Yubi-Helpme
shared this idea
193 comments
-
Len
commented
There's no need to be rude.
-
Edmund Laugasson
commented
Would propose to change the subject title to "U2F/FIDO2 support". Would be more appropriate, especially crucial when we would like to stick with free and open-source software, standards, etc. There is certainly FIDO Alliance at https://fidoalliance.org/ where these new standards are available. Nowadays FIDO2 https://fidoalliance.org/fido2/ , https://en.wikipedia.org/wiki/FIDO2_Project is used. In general, we are speaking about HSM (https://en.wikipedia.org/wiki/Hardware_security_module , https://www.cryptomathic.com/news-events/blog/understanding-hardware-security-modules-hsms) support with nowadays standards, currently FIDO2 and from former times also U2F (https://en.wikipedia.org/wiki/Universal_2nd_Factor). Today we have also CloudHSM (e.g. Amazon https://aws.amazon.com/cloudhsm/ , Google https://cloud.google.com/security-key-management , IBM https://cloud.ibm.com/catalog/infrastructure/hardware-security-module), but also software defined HSM, e.g. Krypton (U2F, https://krypt.co/ , https://alternativeto.net/software/krypton/).
-
Vejete
commented
Love ProtonMail. Even have the paid version. Hate not being able to use my YubiKey for 2FA with ProtonMail. C'mon guys! Get with it!
-
Anonymous
commented
YubiKey is not as safe as open source alternatives like Solo, but yes, I want U2F/FIDO2 support.
-
Aerion
commented
This is essential. It's the only 2FA method that
1) doesn't require a mobile phone with a charged battery and a working mobile signal and/or internet connection
2) doesn't require drivers
3) doesn't require a special app
4) protects against man-in-the-middle attacks
5) is incredibly easy to take with you
6) you are likely to always have with you since you leave the house with your keys (right?)
7) is insanely quick and easy to use
8) doesn't pose any risks if you were to lose it since it's not tied to your person, identities, or accounts
9) is durable
10) works anywhere: USB-A, USB-C, Lightning, and NFC
11) you can have a backup of (most services, except Twitter, support registration of multiple U2F keysWhy this is still not supported is beyond me.
-
disappointed user
commented
FIDO2 U2F is a running joke with ProtonMail, I doubt they will ever support it.
-
w457381n
commented
This should be consolidated with request for FIFO2 U2F Security Key Support for MFA (https://protonmail.uservoice.com/forums/284483-protonmail/suggestions/36590311-fifo2-u2f-security-key-support-for-mfa). U2F would allow for Yubikey and other standards supporting 2FA devices to be used.
-
Abe
commented
I'd like to see this expanded BEYOND Yubikey to FIDO2... Any USB security key should work as a U2F. Please.
-
x4e
commented
Dont understand how u2f is still not supported - literally boggles my mind.
-
Andrew
commented
Search results for this tell the story Coming Soon(tm) since 2015!
-
Qubits314
commented
Lastpass failed to deliver on U2F, so I failed to renew with them. The single line item preventing me from going with a visionary subscription is yubikey/u2f support. I am sure there are many others in my shoes. It has been years of "coming soon". Get it done already! Thanks!
-
Jeremy
commented
Please, we need FIDO U2F ASAP. This is a very important feature.
-
micheal phil
commented
why does AOL app keep closing in my iPhone 10 (mobile) all the time. Please help me, this AOL application keep crashing in my new iPhone 10 also why does AOL app keep closing in my Mobile?
https://www.talk2techguru.com/forums/topic/why-does-aol-app-keep-crashing/
-
fkrc
commented
It would be nice to add FIDO1/FIDO2 authentication.
My problem with Google Authenticator is that it is still using passwords.
We know that passwords are not nearly as secure as a FIDO2-device like Trezor Model T.
Please see https://blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324 for more information. -
fkrc
commented
t would be nice to add FIDO1/FIDO2 authentication.
My problem with Google Authenticator is that it is still using passwords.
We know that passwords are not nearly as secure as a FIDO2-device like Trezor Model T.
Please see https://blog.trezor.io/why-you-should-never-use-google-authenticator-again-e166d09d4324 for more information. -
knds
commented
come on guys! This is such a basic feature for security, please put it in your roadmap!
-
Billy joe
commented
Honestly. I’ve found some competent providers
. Was this a bribe what? Cause the fact blind eye is given to yubikeys protocols tells us this m company is a lazy and not respectful of clients or protecting them
-
Billy joe
commented
Wow!!!
Inkdft Tutanota because I knew it supported yubikey surely and no?
Gals I didn’t go premium. Will keep people updated if I find a provider who take full care over their customers vulnerabilities
-
Anonymous
commented
What I find fundamentally wrong with this email is that for years, users have been asking for this service with no response. Why should I continue to use and pay for this
-
Thierry
commented
You should target the U2F protocol rather than one specific provider....