Don't void the PIN configuration after logout!
Support handles this as a feature request, while in my opinion this is a major security flaw!
At least on iOS, the issue is very easy to reproduce:
- log in to the iOS Pass app with Proton account
- enter the second password
- configure a PIN code …
- completely log out from Proton Pass or enter a wrong PIN code 3 times, which will log you out automatically
- log in with Proton account again
- enter the second password
- now… the PIN code configuration is gone. App can be opened without the PIN!!!! So if you don’t remember to enable it again, security is broken!
-
Steve Johnson
commented
I can reproduce this every time. The solution is to revert to Proton Account login and/or Extra password if configured.
-
Sea_Level
commented
Yes, this is pretty frustrating. Happens in iOS, Mac App, extension etc. I opened a support ticket and was told this was expected behavior.
Below is what I received from support. Responsive and helpful, but should absolutely be addressed. Hope they give this serious consideration.
****************************************************************************
Please note that you are seeing this because the settings get back to default every time you log out. This is the intended behavior of Proton Pass.
This is the same with the PIN. The PIN is per session, meaning once you log out of the app, you will need to set up a new PIN lock.
However, we will forward this to our developers, and hopefully, they will be able to provide a permanent theme and auto-lock settings.
************************************************************************
-
Ale
commented
Same on the web app.
Sometimes, not clear what the trigger is, maybe a software update or something else, Proton Pass logs you out.
Once you log in again the PIN code is gone. The problem is that, if you have a valid session on Proton Mail, when logging in again it won't ask for the second factor, and of course we all have password and username saved in the browser.