Require 2FA and password before accessing Proton Drive in Windows Explorer
I would like the addition of an option in the Settings menu.
If this option is checked, data 'at rest' in the Proton Drive is encrypted and unusable in a Windows computer by default, on each startup. Only after entering the Proton password and 2FA does the Proton app unlock, decrypt all files and make read/write possible.
To clarify, it could still sync files while in 'encrypted' mode from the cloud to on-premise, but always encrypted first. And usable upon unlock.
Then when the user actually wants to do something, they can enter credentials and decrypt their Proton Drive. Kind of like how a TrueCrypt disk would work.
As mentioned, this should be an 'option' so other users who want to leave their Proton Drive decrypted all the time can still do this.
The reasoning behind this addition is: it is ridiculously easy to bypass the Windows login screen when on-premise. Someone could log in to your computer, copy all ProtonDrive files to a USB and then leave, if the ProtonDrive is decrypted by default and accessible in Windows after login - as is the case now.
This kind of defeats the purpose of having an encrypted local Windows app, hence my suggestion.
Thanks for reading this far.
-
Cory commented
This would be great! I could settle for just a passworded vault though as well.
-
Phil commented
Yes! This is exactly why I don't use the Proton Drive app on my Windows laptop.
-
Thomas Anderson commented
Thrr-Gilag, that was the first thing that I tried actually, way back. However, this appears to not be the case, because this results in an error during the setup process of your Proton folder (when choosing the location). It then says it cannot use this sort of drive to configure a Proton Drive folder.
In a similar fashion it also gives this error when putting the Proton folder on a network drive. You can only seem to choose a local physical disk as a sync folder for Proton Drive (in Windows).
Perhaps you mean the other way around? Putting a VeraCrypt volume file container inside the Proton folder. That is possible. But that is a hassle though, because you then still have to use another application to do something the app should be able to do by itself. As Proton Drive Windows should mimic the functionality and security of Proton Drive online, i.e. being encrypted. It is simply the extension of functionality that already exists in the cloud, to the on-premise local PC.
I think Proton Drive is a great idea, which is why my viewpoint is - why would you first create a very secure cloud storage, encrypted, with 2FA etc.
And then create an extension to that functionality to a local PC, but 're-open the doors' you so carefully shut for security reasons in the cloud?
Now everybody's use case is different of course. So that's why I mentioned it should be an option. So users who want to keep things as it is can choose a less restrictive security option.
-
Thrr-Gilag commented
Can be mitigated by putting sync folder in a VeraCrypt drive but if something smarter can be done.
-
Thomas Anderson commented
Good point Forged.
This security option should indeed apply to other OSes as well, such as Mac OS X and Linux. The Proton team has always strived for the best in terms of security and privacy.
So I trust that they will also read this comment section and if they're going to implement it for one OS, it would seem logical they will add this for other OSes as well.
-
Forged commented
Another request that echoes this but for Mac, please could the requests be merged to increase weight of the votes as both platforms miss this;
-
Forged commented
Exactly this request but for the MAC CLIENT TOO please!
Even just a biometrics or short passcode to decrypt/access the Mac drive folder rather than full log in. As it is currently I struggle with the security of my Drive folder on my Mac
-
Anonymous commented
On Windows the Proton Drive folder can be accessed from any Windows account with administrator rights. As the client side security breaches are the most common, the Proton Drive folder should be encrypted locally (possibly with the credentials of the Windows account or Windows Hello) and decrypted/accessible only on the respective Windows account.
-
Kimaro commented
This should absolutely be a thing, not a feature I would use, but 100% something I'd stand behind that should be implemented.
-
Thomas Anderson commented
Great additions shopping887 and Schteek2000! I would like those features as well.
-
Schteek2000 commented
I would like to be able to set a time-limited password to access Proton Drive in Windows, but if a transfer has been started, it should be completed before locking occurs. And 2FA and password, before accessing Proton Drive in Windows Explorer.
-
shopping887 commented
Ideally, one could also still add files via drag&drop while the drive is encrypted, so these new files would be encrypted immediately without the need to decrypt the drive first.