Approve login request on mobile to log in (passwordless login)
Currently when I login on my Desktop through a webbrowser on a Proton web service I need to fill-in my MFA code, instead off filling in a MFA code I wou like the possibility to get a pop-up on my Phone and approve it with bio metric validation.
-
Anonymous commented
This should be implemented using the Webauthn/passkeys standard. Passwordless *login* should be allowed, with only a Mailbox Password to decrypt the mailbox. Passkey (biometric) prompt first, then mailbox password prompt after. Passkey would be a replacement for the first password of two-password mode.
-
Redacted commented
Like Steam does it, QR code sign-in.
-
Jamie commented
This could also be a sign-in with QR code, which would handle the username, password, and MFA
-
Ron Poppe commented
For accounts with long passwords be nice if when we enter our username on proton website/app we could approve login on another device (i.e proton pass on mobile phone) via push notification / OTP
-
gk23vj5 commented
I would not enable this.
-
commented
Horrible idea, Get ready for MFA bombing (being spammed with prompts until you give in and click "Approve") like what happend to apple Icloud users recently if this is implemented.
push authentication is vulnerabile to social engieering attcks like this, I'ld quite posibly leave proton if they put this in.
Passkeys or FIDO2 Secutykeys would be a more secure passwordless option -
[Deleted User] commented
Being able to log in with a device (like Bitwarden does). So mobile devices (tablets, phones) have the option to turn on "login with this device", so I can log in with that device if I've already logged into the account (if want to log into my account from my friends laptop, to use this feature, you have to log into the account for at least one time). That's one of the things I need to move to Proton Pass from Bitwarden
-
Shayan commented
A notification that pops up on your phone to allow / deny a login. Way better then a password.
-
David Garcia commented
Question for those requesting this feature:
"How do you get a Login Link (to eliminate the need for a password) if you are not logged into your email?"
Personally, having a Password + 2FA is the right way for most users to proceed. If you want more security, consider YubiKey and use a physical device (you have a key for your house and another for your car, so why not have one for your online account?).
-
Incognito commented
Whenever trying to log in to Proton Pass in PC, browser you name it a an approval request sends to Proton Pass in mobile.
This future is very handy and works like 2FA (kind of! IMO) for logg in to PP on PC and browser and later on, on PP desktop app.
-
BruceL commented
I don't have the aforementioned authenticators but I can envision a text msg from proton with a six digit code to enter.
-
Rich Rice commented
Please review asap!
-
Rich Rice commented
Passwordless accounts are more secure than the password
-
Jon Miron commented
This!
It's so much more secure logging into my work computer without having to enter my crazy password.
-
Anonymous commented
I value the addition of dual factor authentication, but I find it frustrating that I have to open an app on my phone and quickly type in the relevant 6 digits before the code refreshes.
I have many such MFA apps on my phone, and my favourite by far is Microsoft Authenticator and LastPass Authenticator. The reason for this is that when I log in to ProtonMail, a push notification is sent to my phone and I simply have to press yes or no on the notification to allow or deny the login.
This is a massive time saver and I don't believe it is any less secure, because the phone has to be unlocked before the command can be given. Using fingerprint authentication, this takes a matter of seconds,
Please consider looking into this enhancement,