Proton Drive Windows app: Option to require 2FA and password, before accessing Proton Drive in Windows Explorer
I would like the addition of an option in the Settings menu.
If this option is checked, data 'at rest' in the Proton Drive is encrypted and unusable in a Windows computer by default, on each startup. Only after entering the Proton password and 2FA does the Proton app unlock, decrypt all files and make read/write possible.
To clarify, it could still sync files while in 'encrypted' mode from the cloud to on-premise, but always encrypted first. And usable upon unlock.
Then when the user actually wants to do something, they can enter credentials and decrypt their Proton Drive. Kind of like how a TrueCrypt disk would work.
As mentioned, this should be an 'option' so other users who want to leave their Proton Drive decrypted all the time can still do this.
The reasoning behind this addition is: it is ridiculously easy to bypass the Windows login screen when on-premise. Someone could login to your computer copy all ProtonDrive files to a USB and then leave, if the ProtonDrive is decrypted by default and accessible in Windows after login - as is the case now.
This kind of defeats the purpose of having an encrypted local Windows app, hence my suggestion.
Thanks for reading this far.
Ideally, one could also still add files via drag&drop while the drive is encrypted, so these new files would be encrypted immediately without the need to decrypt the drive first.