2 Factor Authentication
-
T commented
It's a great idea!
Entering a password, then sending a code to a phone number...
Signing in every time and getting a verification code will cost you much because of the many logins and massive number of users, so I hope you add iOS and Android apps to let users log into the account one time (like Gmail for iOS, where we can sign in and get a verification code only one time!).
I signed up half a month ago and am waiting to receive my activation email. I wish you would add these features when I get my link.
Thanks to the ProtonMail Team
-
fred commented
2 factor is a great idea. I would like to see something like Google's. It works with my YubiKey and removes the need for my phone and Google Authenticator. As 2 factor becomes more mainstream, passwords will become stronger and harder to guess, and this is what YubiKey was made for. I caution against a simple USB stick as this is highly insecure and can be tampered with.
-
Anonymous commented
2-Factor auth is a must to me. Having it in ProtonMail would be great.
-
Craig commented
Yubico support seems like an obvious addition to this service.
-
Cameron Taylor commented
I would love to have the most simple, and perhaps effective, two-factor authentication of all: Key files on a USB stick.
(Timed or algorithmic security tokens are nice in theory, and it would be good to have ProtonMail support for them, but they're very fiddly to set up. I'll stick with a 128-bit key file being a second password appended to the first.)
-
anonymous commented
I would love to see a low-tech option such as the LastPass "Grid".
-
Markus Jansson commented
This would complicate things. Of course, if you replace the account password with YubiKey (and only keep the mailbox passphrase), then it could work. But having to type in username, password, YubiKey and then mailbox passphrase would be too much.
-
Daniel De Rudder commented
Please provide support for two factor authentication by means of a YubiKey! Thanks.
-
Conor commented
An absolutely required feature, for sure.
-
Christian B commented
I'd love to see integration and support for the YubiKey platform. ProtonMail is a great platform for the average security conscious consumer to get an idea of the extra level of security FIDO U2F and devices such as YubiKey can offer.
-
Newguy commented
I would like to say, as a novice computer student, that I'm slightly nervous about being judged on what I'm going to say, but if you have a comment please at least add why something I say sounds stupid. So here it goes.
An application on iOS: from what I've read (I'm not sure how accurate this is), iOS runs applications differently from Android, somehow more independently from the operating system.
Instead of an application, could we have an option to just make a secure container similar to Samsung's Knox workspace, or integrate an OS-independent ROM extension that allows Proton to share like 1/4 of the CPU or something like that? Something that is independently controlled from the mail server end and cannot be initiated from the endpoint. And when it is initiated, the OS on the phone is backed up, the phone gets rooted by the mail server end and the secure ROM is uploaded; within the secure ROM a virtual machine is created to simulate the original phone, so you can receive and read all the data on the VM with a barrier. So, I'm going to represent hard and promotion for the ProtonMail service, you guys get cracking on that OS I guess. Haha, just kidding, please mind my bad humor. Do let me know if any of what I'm saying is making sense, and where you think I need to do more research to better understand the functionality or details of anything.
This feature would be configured from a computer admin end, so instead of typing any kind of sensitive password into the application on your mobile tab or phone, verification is hardware predetermined and verified by some kind of radius to the computer, or an NFC device that randomly generates keys with another NFC chip device on car or wallet gives the "access granted", and that way it's all ready through the container and all that's left is typing in the mailbox key to decrypt. Or like a voice, retina, and fingerprint scan. (Is that excessive?) I know very little and I am trying to learn more about computing. Frankly, blindly trusting any secure program, regardless of how prestigious the development team is, does not allow me to trust fully that at the user endpoint there isn't some kind of anomaly that is so unique that it allows a malicious counterpart to collect my sensitive data and log into my communications.
-
Markus Jansson commented
This is a very stupid idea. If your computer's security is compromised and the password can be stolen, your keyfiles can also be stolen, so this adds absolutely nothing to security.
YubiKey OTP is another thing, and if implemented correctly (user would type in email address and OTP would be used as password - then user would have to type in mailbox password by hand) it would enhance security.
-
Jakub commented
It is very safe and popular in other web services. To log in to the account you have to write a code. You get the code by text message to your phone when you or somebody tries to log in.
It is on Facebook.
Maybe it is not anonymous, but safe.
-
Anonymous commented
I'm for U2F as well.
-
rahool commented
I second the addition of U2F as a forward-looking solution that completely eliminates phishing attacks as a sound 2FA method.
-
Anonymous commented
Yep very good idea...
A solution could be OTP. Implementation of YubiKey OTP.
https://www.yubico.com/faq/what-is-a-one-time-password-otp/
-
Dominic commented
It would be nice to have an extra layer of security, in practice the chance to have a key to unlock the account, obviously not a password, but a key file to upload to the site at the time of login, style KeePass in short.
This is in my opinion a very good idea. :D
-
Tony Tan commented
TOTP (such as Google Authenticator/Authy) is the most widely used, but please consider adding support for U2F Security Keys ( https://en.wikipedia.org/wiki/U2F ). U2F is an open 2-factor authentication standard that is very secure and easy-to-use.
-
Chris commented
Yubico support could be a good idea too.
-
Richard Frost commented
FIDO is a new open standard for 2nd factor Auth.
https://www.yubico.com/applications/fido/
Google is now supporting FIDO using Yubico's FIDO YubiKey. FIDO is open to many manufacturers who all support this standard. Supporting Yubico's FIDO key would be a real start. It's the strongest 2nd factor out there.
FIDO Alliance: https://fidoalliance.org/