2 Factor Authentication
2FA all the way!
An ordinary file, such as an image, that you upload every time you log in would not be significantly more secure than what we have now, and there are better alternative solutions that solve more problems than this would.
1. The uploaded login file could be intercepted by a man-in-the-middle, and the attacker could then continue using it forever afterwards to log into your account. The PGP key system we already have now is superior to this because even if the PGP key falls into the attacker's hands somehow, it remains encrypted offline with your mailbox password.
2. A file you upload to log in doesn't defend against malware attacks on your computer. Malware could steal the file, just like with passwords you type in.
3. The file does nothing to defend against law enforcement or government surveillance. If Protonmail is served with a valid court order that is authorized by the Swiss legal system, Protonmail will be required to supply all data they have, which includes your encrypted emails (not plaintext) and your encrypted PGP key. Law enforcement will then attempt to brute-force your key's password (the mailbox password). The only thing protecting your data is that password, so you'd better have a strong one. An uploaded login file is irrelevant here.
4. Two-factor authentication and/or Yubikeys can prevent an attacker from remotely logging into your account even if he has gained the right username and passwords from doing a man-in-the-middle or malware attack. A Yubikey could also securely store your PGP key. An uploaded login file offers no protection, so it's better for Protonmail to work on developing two-factor authentication and Yubikey security systems.
Please take care to ensure your suggestions actually solve real security problems, otherwise they may only serve to make Protonmail harder for everyone to use. If you're truly as paranoid as some of you claim to be, then you may be better off switching to Thunderbird with Enigmail instead of using ProtonMail.
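The replay argument in point 1 and the second-factor argument in point 4 of the comment above, as an added example that is not part of the original thread and not ProtonMail's code: a static uploaded file verifies forever once captured, while an RFC 6238 TOTP code is bound to a time step and accepted once. The class names, the sample file bytes and the replay guard are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends on the current time step."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StaticFileLogin:
    """Hypothetical server check for the proposed uploaded login file."""
    def __init__(self, login_file: bytes):
        self.expected = hashlib.sha256(login_file).digest()

    def verify(self, uploaded: bytes, now: int) -> bool:
        # 'now' is ignored: the same bytes are valid at any time.
        return hmac.compare_digest(hashlib.sha256(uploaded).digest(), self.expected)

class TotpLogin:
    """Hypothetical server check for a TOTP second factor with a replay guard."""
    def __init__(self, secret: bytes, step: int = 30):
        self.secret, self.step, self.last_counter = secret, step, -1

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for counter in (current, current - 1):  # tolerate one step of clock drift
            if counter <= self.last_counter:
                continue  # this time step (or a later one) was already used
            if hmac.compare_digest(totp(self.secret, counter * self.step, self.step), code):
                self.last_counter = counter
                return True
        return False

def replay_demo() -> dict:
    secret = b"12345678901234567890"         # RFC 6238 test secret
    login_file = b"constructed sample image bytes"
    t0 = 59                                   # RFC 6238 test time
    files, codes = StaticFileLogin(login_file), TotpLogin(secret)
    captured_code = totp(secret, t0)          # what an eavesdropper sees at t0
    return {
        "user_file": files.verify(login_file, t0),
        "user_code": codes.verify(captured_code, t0),
        "file_replayed_a_year_later": files.verify(login_file, t0 + 365 * 86400),
        "code_replayed_same_second": codes.verify(captured_code, t0),
        "code_replayed_two_minutes_later": codes.verify(captured_code, t0 + 120),
    }
```

The replay guard matters: without `last_counter`, a captured code would still be accepted until its time step and the drift window expire.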
This is an absolute must, please add this!
Hi team, I am almost ready for donations! I injected a comment on Google Play, and am just mentioning the same in this forum.
Together with 2FA ... Holding the private key on a U2F key would be nice for a PC Logon.
Supporting FIDO U2F might be an interesting feature on the product roadmap.
Obviously, such does not exist for the mobile app.
Hence, we need to memorize our programmed U2F value anyway.
U2F Example WEB :
Keylogger and you're done. 2FA is a must.
Ross Grady commented
Where is this on the development roadmap?
Thierry Ackermann commented
2FA is a paramount and nonnegotiable functionality enabling a much higher standard of security and privacy. I am surprised it's not already an integral part of the ProtonMail service. Please make it happen ASAP. Thank you.
This is a must, I will donate and migrate my entire email when this happens. Thanks
Please add 2 factor authentication. This is a must to better secure accounts.
To be honest this should be right on the top of the implementation list. This is a MUST
Otávio Júnior commented
Of course, yes! I'm looking forward to it. I have been waiting for this for so long.
Alexander Karolis commented
Yubikey would be perfect
Google Authenticator would be great!
Authy integration would be wonderful!
I also support yubikey integration.
Clek Bindles commented
Multiple options for 2 Factor Auth please.
Some people seem good with having a physical token, I would also like an option for the only device I manage not to lose on a regular basis - the cell I am currently using.
Like the others, non-proprietary software, no google etc.
Yubico support would be awesome. My experience with it has been ideal so far.
This is requested already https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7158328-2-factor-authentication
Please support two factor auth!