YubiKey support
The dedicated Protonmail community deserves a real response from the crack team of Protonmail scientists and engineers. When are you implementing Yubikey or are is your tag line just bs?
"We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. This is why we created ProtonMail, an easy to use secure email service with built-in end-to-end encryption and state of the art security features. Our goal is to build an internet that respects privacy and is secure against cyberattacks.
We are committed to developing and widely distributing the tools necessary to protect your data online. Our team combines deep mathematical and technical knowledge from the world's top research institutions with expertise in building easy to use user interfaces. Together, we are building the encrypted communication technologies of the future."
-
Thomas Jack commented
Although convenient, a cellular phone is not the most secure method of 2 Factor Authentication. Even more so, it is more likely to be stolen than a Physical 2 Factor device such as a Yubikey. I propose support for FIDO U2F which in turn would support physical 2 Factor devices that support this standard such as Yubikeys.
Lastpass and Google both support these standards. If you truly want to become the encrypted version of Gmail as it has been said in the past, you need to be competitive with googles security standards.
-
Anonymous commented
Hardware based second factor authentication token is huge for security. I would love this feature more than anything else.
-
Dagger commented
Absolutely a top priority as far as I'm concerned.
-
m4ko commented
Someone called my attention on another hardware key that has also an open source hardware.
I can not judge if it is better than Yubikey or not.
https://www.nitrokey.com -
Anonymous commented
+1 (Along with the *option* to remember devices) please!
-
tymat commented
BUMP. This is a much needed feature especially in light all these compromised phone operating systems from the WikiLeaks Vault7.
-
Alan commented
What Ken said: "Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then."
-
Anonymous commented
U2F support would make all the difference in the world for me. It fits my security model in ways that 2FA cannot. I travel internationally and I often change phones, so any 2FA method that relies on me having an app on my phone (SMS, Authy, etc) can fail me at critical times.
As a result, anytime I travel out of my home country, I have to disable 2FA on my PM account -- and that's exactly the worst time to have to do that.
I understand that U2F would take some (but not much) time for you to implement, but as a paying customer I would greatly appreciate it.
Thanks for your time.
-
Trevor commented
There is another suggestion, which asks for support for the FIDO U2F standard. That would apply to yubikeys, and many other methods, but has fewer votes. Probably because fewer people understand what "FIDO U2F" is than recognize the "Yubikey" brand. Either way, a bit +1 from me.
-
Ken commented
PM were asked time and time again about Yubikey on the blog post that announced 2FA. No Yubikey and not even a comment about why not.
Telling people to rely on their mobiles for 2FA doesn't make sense if you use PM on the mobile - it's not a true second factor then. Also, phones can be attacked remotely (see recent Wikileaks revelations). Much harder to do that with Yubikey.
But like I say, PM wont even comment. Dunno why.
If you're listening PM, PLEASE DEVELOP YUBIKEY SUPPORT. Pretty, pretty please.
-
El Murcielago commented
Proton could raise funds and increase security by offering (for sale) to users credit card sized electronic one time pads for 2FA. Many banks are using them, currently. BOFA charges $11.00 US. (a one time fee) is there anything more secure than a one time pad?
I do not know who produces these cards. Pretty sure they are not open source, either lol. -
Enrique Quero commented
Need that -.-
-
sandro commented
I need this too. with fido u2f support or Yubico OTP.
-
Nea commented
Some stuff is better kept separated and I don't want to have to rely on my smartphone for two-way-authentication. Yubikeys are an awesome invention and I'd be glad to see more platforms supporting them. :)
-
John Payne commented
Second this, would like to have YubiKey support added since most major browsers natively support it.
-
sandro commented
2FA: please add fido u2f support. not only OTP.
-
olivier commented
That would be good to integrate a protection with Yubikey for the 2 factor authentification. https://www.yubico.com/
Google already uses this feature for the mailbox. Facebook also accepts yubikey as the 2nd authentication factor.
I think that as a safety-conscious company, you should make your services compatible with yubikey. -
Jay commented
I would like to use my Yubi Key as a second factor authentication device. Is that possible now, might it be possible later?
-
Matthew Krawitz commented
I didn't see it anywhere else on this site... so here goes
Please expand 2FA so that it supports Yubikey in addition to the services currently supported. I'd really rather not have to rely on my mobile phone to authinetcate...
-
Jeremy commented
Google authenticator-type apps are a good option, but shouldn't be the only one.