YubiKey support
The dedicated Protonmail community deserves a real response from the crack team of Protonmail scientists and engineers. When are you implementing Yubikey, or is your tag line just bs?
"We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. This is why we created ProtonMail, an easy to use secure email service with built-in end-to-end encryption and state of the art security features. Our goal is to build an internet that respects privacy and is secure against cyberattacks.
We are committed to developing and widely distributing the tools necessary to protect your data online. Our team combines deep mathematical and technical knowledge from the world's top research institutions with expertise in building easy to use user interfaces. Together, we are building the encrypted communication technologies of the future."
-
Shawn commented
Proton - I love your products but use of a Yubikey is common in this community. Please consider adding this security feature. A Yubikey would bring security to the next level.
-
James commented
Yes yes please!! I have emailed support about this and was told that "it's in the works". Will see...
-
TheDoctor commented
Major yes. I love this service but if it wants to compete with Google level security, it needs to support security keys.
-
Ben commented
+3 for this one. App-based OTP is much better than SMS 2FA or nothing, but yubikey would be even better.
-
PLEASE_ADD_YUBIKEY_SUPPORT commented
I've given up hope of this being implemented. It's been years. They say they're working on it, but it's pretty clear that Drive and Calendar are the priority. Really frustrating.
-
Oli commented
Sorry but can we get back to the topic and just integrate Yubikey PLEASE.
-
RogerThat commented
I too agree with this request for U2F for Proton log-in, but--as a YubiKey user myself, I'm not sure it's the BEST log-in option we have...
While the TONE of this suggestion feels unnecessarily TOXIC to me too, I DO hear the explicit frustration: I suggested this very feature years ago and yes, WE do need some response from the team. Is there a technical, compatibility or security challenge we're unaware of that's stopping this feature??
On another level, IS YubiKey the BEST option to improve Proton Log-in UX??
I think there's actually a MUCH BETTER IDEA to enhance Log-in usability, security, anonymity, and decentralization all at once--& Maybe the Proton team IS already on this...??
-
SeñorDeBlez commented
We will not be upgrading until Yubikey is implemented
-
36azbMOPnVJdH3IF4BayJVu commented
The most requested feature and definitely essential nowadays.
-
Anonymous commented
I'm aware that there is already a highly upvoted suggestion like that, but I didn't feel like supporting OP's toxic attitude in adding only Yubikey and leaving all other hardware authenticators behind.
What I'm asking is adding a hardware 2FA authentication method. As simple as that. Not many people realize this, but hardware authentication is slowly becoming the new standard in account authentication. Google has already implemented passwordless logins (only use your hardware tokens for authentication), which leaves other platforms like ProtonMail and Discord at a shame for not even having the feature to begin with.
-
Anonymous commented
Please implement this feature, it's a must nowadays for enhanced security which is basically the same goal of the Protonmail service.
-
Dingwen commented
SSO is now finished, I believe it’s time for implementing WebAuthn.
-
Aerion commented
Like others, I feel the rude and aggressive tone is unnecessary and unhelpful, however much I agree with the need for U2F support to be taken seriously by ProtonMail.
It's a shame that new features such as ProtonDrive and ProtonCalendar are prioritized higher than account security.
TOTP is better than nothing, however, and at least they're not using SMS 2FA.
To eliminate the risk of losing one's phone, and with that all TOTP codes, a good compromise can be reached by utilizing the OATH-TOTP module offered by the more expensive YubiKeys (the NEO, 4 and 5 models. The blue U2F only ones, sold as Security Keys, do _not_ offer this functionality).
They can be programmed with up to 28 TOTP credentials for the NEO, and up to 32 for the 4 and 5 series.
Once programmed, the credentials can be read by the Yubico Authenticator app (available for both desktop and mobiles), which will display the codes within the app just like any other TOTP app.
Should you lose your phone, your TOTP credentials are not at risk since they are stored on the YubiKey itself instead of in the app.
This does not obviate the need for U2F/WebAuthn support in ProtonMail, but it offers a great solution for the TOTP problem when one's phone is lost or stolen, by leveraging one of the YubiKey's lesser known features.
TIP: programme a second key with the same credentials so that you have a backup in case you misplace or lose the main YubiKey.
I hope this is of help to some people.
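
The following is an added example, not part of Aerion's comment or of any ProtonMail or Yubico code: a minimal RFC 6238 TOTP generator and server-side check showing why two tokens programmed with the same secret yield the same code. The `Token` class, the `verify` helper and its one-step window are assumptions made for illustration; the secret is the RFC 6238 test secret.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a given Unix time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, now, digits=6, step=30, window=1):
    """Server-side check: accept codes from `window` steps either side of now."""
    ok = False
    for k in range(-window, window + 1):
        expected = totp(secret_b32, max(0, now + k * step), digits, step)
        ok |= hmac.compare_digest(expected, code)
    return ok

class Token:
    """Hypothetical stand-in for a device that stores one TOTP secret."""
    def __init__(self, secret_b32):
        self._secret = secret_b32

    def code(self, unix_time, digits=6):
        return totp(self._secret, unix_time, digits)

# Constructed sample data: the RFC 6238 test secret ("12345678901234567890").
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
primary, backup = Token(RFC_SECRET), Token(RFC_SECRET)

if __name__ == "__main__":
    t = 1111111109
    print(primary.code(t, 8), backup.code(t, 8))         # identical codes
    print(verify(RFC_SECRET, primary.code(t), t + 30))   # inside the window
    print(verify(RFC_SECRET, primary.code(t), t + 90))   # outside the window
```

The code depends only on the shared secret and the clock, so anything holding that secret can produce valid codes.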
-
Anonymous commented
Hardware 2FA is the most secure form of 2FA. Please add in Yubikey functionality!
-
Bob commented
I have read most of these comments and all the ones stating they are going to stop paying for the Protonmail service. I would like to ask what mail service you are going to utilize that supports U2F and that is not Google? From a quick search I only found Google, Fastmail, and AOL support U2F that are email services. Seems to me Protonmail with OTP MFA is a better option.
-
restlessmodem commented
FIDO U2F is the way to go. It is just too much overhead to sign in using the additional OTP app for an account that is used that much. I was really surprised to see protonmail does not offer this. Makes my ProtonMail account feel less secure than some other accounts which do not advertise security and privacy as much as ProtonMail but offer U2F!
-
James commented
An official response would be greatly appreciated.
-
cybertronix9th commented
I am also surprised by this. I am still waiting on this feature before I start paying for their services. The superiority of secure logins with U2F keys is clear. Say your phone with the OTP app gets stolen.. a nightmare. With U2F keys, you can just have backups at home.
ProtonMail team... what are you doing? Please focus on the important things.
-
Anonymous commented
Protonmail supports setting up 2fa. Just set it up with your yubikey like I have.