Beef up passkeys by requiring hardware security key or 2FA code authentication
I am concerned with how easy it is to activate passkeys with Proton Pass. Let's say that someone's child or sibling were using their computer and snooped at their account, either on purpose or by accident. If that account doesn't have a passkey they would have to at least click through to autofill the username/password boxes, which at that point their conscience would tell them this is wrong and they might turn back (we can hope!). But if that account uses a passkey, it is as easy as clicking the pop-up and it is easier for someone to be tempted to just open the account. Since passkeys are so easy to use, it is only one step removed from basically being logged in everywhere all the time so long as the Proton account is signed in.
So rather than a passcode requirement at timed intervals, it would be nice if there was an option to require hardware key authentication or a 2FA code every single time a passkey is used, regardless of whether the Proton user has timed PIN-code unlock turned on or not. The feature could be toggled just for passkeys or for autofill in general, which would also be nice and could essentially lock Proton Pass to your hardware key even if you were already signed in on two devices in different locations (like if your younger brother guessed your PIN code for your laptop while you were away and snooped through your browser with Pass signed in and passcode turned off).
the9thlion commented:
More context: I like to use the Proton Pass browser extension without keycode unlock because it is more fluid (and I have little danger of snooping children personally!), but if a part of my sign-in process were tapping a hardware key every time, that would still be fluid and also more secure.