Allow security key 2FA without setting up OTP 2FA
I would greatly appreciate it if you could allow users to set up 2-factor authentication using a U2F/FIDO2 security key, without also having to set up OTP-based 2FA.
-
You suck commented
Many came to this platform for security. However, forcing OTP using an authenticator has a backdoor. OTPs and authenticators are hackable. Anything tied to your phone is hackable. Security keys are not. I am leaving ProtonMail.
-
lazar commented
I've been trying to move to security keys and away from OTP-based 2FA, so I'd really appreciate it if I didn't need OTP-based 2FA for arguably my most important platform.
-
Aaron commented
I think most of us purchased a physical security key such as the YubiKey to use FIDO2. To only support U2F and require mobile OTP backup defeats the purpose of having the key.
-
protonvoter commented
I appeal to Proton to implement FIDO functionality without Play services. Otherwise I am unable to increase my account security by replacing my 2FA with a security key on my Proton account.
-
Purple Dragon commented
Agreed, I would love to have a security key only option. Perhaps the end user can be forced to set up a minimum of 2 physical security keys to ensure they have a backup plan. Not a fan of TOTP being forced as it defeats the security purposes of allowing security keys by forcing a virtual option.
-
Anonymous commented
No point in having a security key if OTP is going to be the weakest link. In order to mitigate users locking themselves out, you can set a minimum number of YubiKeys and many warnings.