Proton Authenticator (standalone app)
Proton made Authenticator apps, with cloud backup.
Hi, I'm currently using Microsoft authenticator for 2FA.
I can't move away from Ms authenticator because cloud backup features.
TOTP authenticator isn't hard to made on mobile/desktop nowdays proton team can leverage existing proton drive space to make these as a cloud backup
-
Elect-Ron commented
Others commented Proton already built this into Pass app, but sharing experience with switchover.
- I recently migrated around 25 2FA tokens from MS Authenticator to Proton Pass (PP) TOTP, including multiple accounts with Microsoft, Meta, Google, Xero, GoDaddy, and a bunch of smaller platforms.
- I manually signed into each platform using MSAuth token > navigated to 2FA setting > add/change 2FA to generate a QR > scanned 2FA code using mobile PP app > entered PP code to verify token. Simple.
- I noticed Microsoft, Google, Meta all preference notification of sign-in by alert in their existing apps over 2FA as a 'feature'. It hasn't caused an issue.
- I noticed those platforms and others added PP TOTP 2FA as an additional authenticator, and did not replace their own.
- I noticed many financial platforms (banks, paypal, cashbacks, gift cards) ONLY feature 2FA via SMS, which is very inconvenient with unreliable service and frequently changing mobile numbers. Not a PP problem.
- I appreciate the simplicity that using PP Windows app to fill sign-in credentials automatically copies the TOTP code to Windows clipboard, but do notice that MSAuth app on Android double verifies biometrics before approval, which feels more secure.
- I then wiped devices, reinstalled, and realised Proton Pass first-time sign-in needed the 2FA code from Proton Pass. I luckily was able to find old recovery codes or access would have been lost.
- I have noticed PP Android app and Brower extension both intermittently do not prompt to auto-fill, and worse on Android after I installed Microsoft Swiftkey running in incognito mode.
- My suggestion for Proton Pass (I assume voiced in other tickets) is workflow features to allow other Proton signed in apps to authenticate as large platforms do, particularly if Biometric prompt is available (e.g. feature added to browser plugin currently using fixed 6-digit passcode).TL;DR: Proton Pass 2FA does all Microsoft Authenticator does, BUT MAKE SURE you have Proton recovery codes handy if you migrate Proton 2FA to Proton Pass ot a total lockout is a real risk.
-
DX7 Fan commented
Proton Pass already does this. The only reason I have Aegis is to authenticate Proton itself.
-
Shawn commented
I don't see a need for a separate authenticator app when that feature is already included with Proton Pass. I mean you get both credentials and OTP in the same spot. If you really need just an OTP, just create a new entry with JUST the OTP portion in Proton Pass.
-
Tom Youth commented
From what I've seen concerning this matter, I would advise not using authenticator apps at all. Use security keys. I would probably recommend YubiKey currently.
-
Hannan commented
This would be awesome, and also be a great tool to onboard new customers!
-
Jerald James Capao commented
I will dump Microsoft Authenticator for this. Pleaseeee Proton!
-
awkbr549 commented
I would like this as well, even if the free version has no cloud backup and a cloud backup requires a paid account (as part of Proton Drive).
-
Redacted commented
They could simply clone Aegis, rebrand it, implement a plugin that backs up to Proton Drive, and then add some paid QoL features.
This might be a good product idea for em.
-
easy_street762 commented
This would be a great addition! I will dump Google authenticator for this.
-
JOJO commented
Best feature.
I wait for this one to quit Google -
dan commented
I dont see the need for it, aegis authenticator is free & open source, plus it doesnt contains any trackers.
And, proton pass has the ability to integrate 2fa codes.
-
VoxiBe commented
Great idea! I currently use Authy, a very functional alternative to Google and Microsoft, but I would of course have more confidence in proton.
-
Gus commented
Shouldn't this be closed? Proton Pass already does this.
-
gamestime102 commented
Good ideas
-
Aarck commented
We already have Aegis which works very well, I do not think we really need anything else at the moment
-
haveyou commented
I love this if mostly free like authy but some are pay
-
Richard J. Acton commented
Aegis covers this use case if you sync the local export via proton drive or other could sync you trust e.g. a self-hosted nextcloud server. Proton should not spend their limited dev time on a problem that already has a good libre/open source solution.
Doing this is a bit of a security improvement over having your TOTP codes in proton pass as they have a separate encryption key from aegis so someone with access to your proton account would still need to ***** the encryption on your aegis vault backup separately. This is less secure than Yubikeys as has been pointed out but of course less vulnerable to locking you out of your stuff if your only copies are lost/destroyed - as usual there's a trade-off.
-
Morrie commented
I would like a standalone authenticator that syncs with ProtonPass for the 2FA keys, possibly secured with a hardware key or maybe a different password or something only for the authenticator to open
-
Riyaz commented
Integrating TOTP with Proton Pass is highly beneficial because it automatically copies the TOTP code, making it very convenient to access. Alternatively, Aegis is an open-source option.
-
Privacy commented
This would be a huge thing. The danger with Offline TOTP Apps like Aegis and other are that if you forget to manually back it up, you loose everything if you loose your phone.
I know cases where exactly this happened.
Passwort reset won't help then.
But it needs to be also on Linux (Fedora).