Use Security Key without Authenticator App
I would like to additionally secure my account with a security key only, not with a 2FA authenticator app.
-
lazar
commented
The intended use case for ProtonPass makes it a place of unique importance, so being able to lock it extra tight would be very appreciated.
-
Levi
commented
I kinda expected this to be there already, hope it will be added soon.
Challenge-response with yubikey specifically is what I need.
-
user0147
commented
I'm surprised this wasn't prioritized in the initial design.
-
Darkwing Duck
commented
Agree on all the previous comments. Security-wise, there is no point in adding a security key if the authenticator app option must remain active. That way, the authenticator app remains the weak(er) link. Please @Proton, add this option as soon as possible.
-
Maurits
commented
Really surprised it is not possible to disable the authenticator app 2FA method and use only the security key option.
-
danieldddddd
commented
Yubikey support please, on browser, desktop, and mobile.
-
datavectors
commented
As a startup Proton user I am just starting to browse these user opinions. I write as a developer who started up one of the first biometric systems in U.K. based on dynamic signatures back in the '80s.
Today as an octogenarian developer I value the simplicity of using Google Titan Key to login to accounts such as Heroku. Simples!
Consider the hassle if your 2FA mobile is not available to receive. I abhor the idea of facial recognition (I resemble the old Gabby Hayes of vintage westerns). One Logitech webcam I bought to appease some accounts verifying my identity only works on Windows not Ubuntu. It only works when I dual boot from Ubuntu into Windows.
User memory of phrases or images combined with security dongle is a good compromise to complement passwords. There is too much hassle today in managing many, many subscribed accounts. And has anybody considered a "dead man's handle" process for non technical executors (not familiar with Proton) to apply when Proton account owner falls under a bus? How to verify identity of legal executor to wind down an array of active accounts? A backup Google Titan Key (held by executor) makes this succession task easier in my view. And incidentally why stick an X post alongside this comment field? I am not interested in Musk land. Then I spotted "Post comment" further down. First time fumbling around I guess.
-
Thomas Senn commented
I’m disappointed not to be able to use yubikey as the primary login.
-
Purple Dragon
commented
Agreed. For increased security, I would love to disable the authenticator app ability and only login with my physical yubikeys. Perhaps the interface can force a minimum of 2 yubikeys to do this to ensure the end user has a backup plan.
-
Carlos Eduardo commented
Could also use biometrics when available
-
[Deleted User]
commented
Yeah, this should have already been added.
-
Ansel commented
The absence of this feature is the reason I'm still using KeePass and will not switch to Proton Pass. As others have written, this amount of security is in my opinion crucial for something that's so security critical.
-
Geir Illing Nordvik
commented
Unlocking with a security key and disabling logging in with a pin would be great.
I have the extension on my work computer, but this is a computer in a space where others can access the machine. Even though I lock it, it is still a security risk.
If the extension doesn't recognize my security key it should be locked until it is plugged in again. This would be a huge bump in security for me.
-
Jannik
commented
So I know you can add a security key to your device but I would love the option to make it mandatory for opening the vault.
Example: Password safe is able to get you into your vault if a master password and the yubikey is correct. I would love a feature like this with all the advantages on Proton Pass.
Also a way of implementing this on the browser extension would be nice. Like that you decrypt it once when your machine starts up and it will lock as you shut it off again so when you reboot you will have to reenter the Master Password and plug in the security key.
-
xx
commented
the key concern is the following - offering passkey authentication is effectively pointless in terms of security if at all times i could still access proton with an authenticator app. i believe proton out of everyone should understand how insecure authenticator apps really are.
-
Niklas Gustafsson
commented
Bitwarden, which also depends on e2e encryption allows you to login without username / password as long as the passkey authenticator supports PRF. It is clearly technically feasible to do. That said, it's not enough to support passkeys -- after enabling, I should be able to turn off my password entirely, as Microsoft Accounts (MSA) now support.
-
FBS
commented
Given all the demands that there are on the development teams, I'd like to underline my support for this feature because a password manager clearly represents a ‘single point of security’ failure and it’s critical that access to it is secure. An external security key is therefore a critical component of its MFA. Thanks
-
César
commented
As an architect/developer, it would be a powerful tool for my daily work, especially because I manage the infrastructure on cloud with IaC.
-
michael
commented
Strongbox allows to add yubikey not only for access but also uses it for encryption. I wish Proton would support that.
-
gk23vj5
commented
This is why I'm still using Bitwarden and not Proton Pass.