Temporarily store 2-step verification
As it’s already (welcome) extra work to enter two passwords, could 2-step verification be implemented so that known devices would only need to be verified again every 30 days or so?
At the moment, with 2-step verification enabled, even a page reload triggers triple authentication, which makes the added security a poor experience.
-
Pierre commented
Hi, to me 2FA as OTP is useless if it has to be used at every webmail connection. I mean I won't search for my one-time password on the phone every time I want to check my emails, it is a PAIN. Therefore I prefer having it disabled and wait for a "remember my device" option which is... sad.
Gmail and other services have it implemented and let you choose whether to remember the device or not. Plus I don't think this is tricky to implement so please... :'-(
-
Anonymous commented
+1 even as a "security conscious" user it feels very burdensome to enter the code from Google Authenticator every time. I'm perfectly willing to trust my (reasonably-secured) devices.
-
Anonymous commented
Definitely agree with this. Please implement a permanent "remember device", or an option to pick permanent or 30-day. (Yubikey would also be awesome!)
-
JC commented
I think 2-step is a great idea but are mobile phones secure enough in general for us to consider this? Most of them are made by known security violators like Google, Microsoft and Apple. The world is in desperate need of a solid Linux phone.
-
Kenneth commented
I believe this is a duplicate of https://protonmail.uservoice.com/forums/284483-feedback/suggestions/17308039-temporarily-store-2-step-verification
-
Anonymous commented
This has already been posted, please vote on the other suggestion
-
Tony commented
Agree
This has also been posted
-
Tony commented
Love that 2FA is enabled, but as it's been mentioned I'd like to have a trusted device.
Mobile phones are trusted. Would be nice to have the same for a computer.
I do think every device should have to re-enter the key every 30 days
-
Nicholas commented
Wouldn't that require login-cookies that can be exploited?
-
Chris V commented
I love using 2 Factor Authentication with Protonmail, but it is tedious having to enter a code every time I open my browser on my common use PCs.
It'd be good if I could have Protonmail remember each common device when I tick a 'Remember device' tickbox and use a page once logged in to deauthorise each one.
Ideally, I should be able to set a default max time before expiry (X days, Y Months, Z year(s), No limit) that I can then adjust later (e.g. set my work laptop to 3 months, personal encrypted laptop to forever)
-
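The "Remember device" design requested above (per-device expiry, a page to deauthorise devices), together with the usual way to limit the cookie risk Nicholas asks about, as an added example; it is not part of any comment and not ProtonMail's code, and the class and method names are hypothetical. It assumes the cookie holds a random secret, the server keeps only its SHA-256 hash, and a remembered device skips the 2FA prompt only, never the password.

```python
import hashlib
import hmac
import secrets
import time

DAY = 86400  # seconds

class TrustedDeviceStore:
    """Hypothetical server-side registry of remembered devices for one account."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._devices = {}  # device_id -> {"hash", "label", "expires"}

    def remember(self, label, max_age_days=30):
        """Call only after a successful 2FA check. Returns the cookie value."""
        device_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # 256 random bits, never stored in clear
        # max_age_days=None models the "No limit" option from the request above.
        expires = None if max_age_days is None else self._clock() + max_age_days * DAY
        self._devices[device_id] = {
            "hash": hashlib.sha256(secret.encode()).digest(),
            "label": label,
            "expires": expires,
        }
        # Assumption: delivered as a Secure, HttpOnly, SameSite cookie.
        return f"{device_id}.{secret}"

    def may_skip_second_factor(self, cookie):
        """True only for a known, unexpired, unrevoked device token."""
        device_id, _, secret = (cookie or "").partition(".")
        entry = self._devices.get(device_id)
        if entry is None:
            return False
        if entry["expires"] is not None and self._clock() >= entry["expires"]:
            del self._devices[device_id]  # expired: the next login needs 2FA again
            return False
        presented = hashlib.sha256(secret.encode()).digest()
        return hmac.compare_digest(presented, entry["hash"])  # constant-time compare

    def list_devices(self):
        """Data for the deauthorise page: label and expiry per device id."""
        return {d: (e["label"], e["expires"]) for d, e in self._devices.items()}

    def revoke(self, device_id):
        """Deauthorise one device; its cookie stops working immediately."""
        return self._devices.pop(device_id, None) is not None
```

A stolen cookie is still usable until it expires or is revoked, which is why the expiry and the deauthorise page matter; a leaked server-side table alone yields only hashes.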
Anonymous commented
I am definitely a fan of this. It is doable for Gmail, Facebook, AOL, LastPass, etc. There is no reason to use 2FA EVERY time you log in. Getting my phone out is very unwelcome when really I want 2FA specifically for adding an additional layer of security on unrecognised devices rather than the device I use all the time.
-
Anonymous Visionary User commented
Please consider enabling a time-limited (e.g. 7, 14, 30 day) setting for two-factor authentication for recognised hardware. I like the current two-factor authentication feature, but it becomes cumbersome across multiple devices in a high-use account. Conceptually, enabling two-factor trusted devices would not remove secondary passphrase functionality but only remove the two-factor authorisation requirement from recognised and pre-approved hardware for the time period chosen.