Use Security Key without Authenticator App
I would like to additionally secure my account with a security key only, not with a 2FA authenticator app.
-
Den commented
This is absolutely needed!
I'm waiting to fully move my email and sensitive data to Proton, but will not make the move until they only have a USB key (no soft 2FA key).
-
Tony the Geek commented
To Privacy 101 and Timo: You can't set up Mailbridge without it. So, no, never using it is not an option (it sounds from the comments like you can't get away with not using it with Proton Pass either. I don't use it personally, so I can't confirm.)
-
Tony the Geek commented
Why is this not implemented yet? It's been 18 months. This undermines the security of Proton's services, which if they haven't figured it out (marketing seems to have) that's why most of us use this service. Besides it adding to the nightmare of your phone dying, lost or stolen, it's an attack vector that is not possible with physical security keys. Regardless, I do not want any more apps. I do not want any more dependence on a privacy invasive tracking device.
PLEASE fix this
-
Heino Der Sänger commented
If you have TOTP and could write down the TOTP secret + security keys + account recovery code, then why is there still a need for those short TOTP backup codes, which seem to be by far the weakest link?
-
Privacy101 commented
Have only one TOTP generated, verify it and then delete the key. Magic.
-
Timo commented
While I agree that this should be an option, I just wanna remind everyone that the only reasonable attack vector of TOTP is phishing.
Meaning if you never use it and just refuse to authenticate with it, always use your hardware keys instead you are safe.
Provided you store your TOTP credentials in a safe place… or not store them at all after setup – that’s up to you.
Guessing TOTPs is not viable and in any scenario where an attacker gained enough privileges to somehow reach your stored OTP credentials, wherever you store them, you are usually in a lot of trouble already anyways… meaning if it comes that far it doesn’t really matter anymore, you are screwed already.
-
007Bistromath commented
Just want to point out that I nearly lost access to all my credentials because I decided to try Proton Authenticator. When you register a yubikey with it, it overwrites slot 2. I know this because I was suddenly unable to get into the keepass db which had my existing TOTP stuff and MY PROTON ACCOUNT PASSWORD.
The only reason I was able to salvage the situation is I hadn't used my laptop recently enough to have migrated, so I had an old copy of my full keepass db. Which I will continue using instead of Proton Pass, because you couldn't pay me to put my passwords in the cloud if I can't even put 2FA on them. Quite literally, I have 2FA at home. I don't need Proton's. Phone authenticators rely on hardware that is known to be compromised!
This is making me strongly reconsider having a Proton account at all. I have had it for one day, and it nearly ruined my life. For a company that markets paranoia, Proton is really bad at it.
PS: the authenticator is orphaned on arch linux, so I couldn't even try it on desktop
PPS: I have suffered permanent data loss because an external drive I forgot about was secured with the old HMAC secret.
-
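The data-loss mechanism described in the comment above, modelled as an added example (not the commenter's code, nor Proton's or KeePass's): a KeePass-style database key derived from a YubiKey HMAC-SHA1 challenge-response slot stops opening once another application rewrites the slot secret, and only comes back if the original secret was backed up. The slot model, secret, challenge and password are constructed here, and the firmware's padding rules for fixed-length challenges are left out.

```python
import hmac
import hashlib
import secrets

# Constructed values. A real slot secret is written once and cannot be read
# back from the key, which is exactly why it must be backed up before any
# other software is allowed to touch the slot.
SLOT_SECRET = bytes.fromhex("0102030405060708090a0b0c0d0e0f1011121314")
DB_CHALLENGE = b"constructed-keepass-challenge-0001"
MASTER_PASSWORD = b"correct horse battery staple"


class HmacSlot:
    """Model of a YubiKey HMAC-SHA1 slot (assumption: plain HMAC-SHA1 over
    the challenge; real firmware padding rules are omitted)."""

    def __init__(self, secret: bytes) -> None:
        if len(secret) != 20:
            raise ValueError("HMAC-SHA1 slot secret must be exactly 20 bytes")
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

    def reprogram(self, new_secret: bytes) -> None:
        # Writing the slot replaces the secret; the previous one is gone.
        self.__init__(new_secret)


def derive_db_key(slot: HmacSlot, password: bytes, challenge: bytes) -> bytes:
    """KeePass-style composite key: password hash mixed with the slot response."""
    material = hashlib.sha256(password).digest() + slot.respond(challenge)
    return hashlib.sha256(material).digest()


def safe_to_reprogram(slot: HmacSlot, backup_secret: bytes, challenge: bytes) -> bool:
    """Mitigation: reprogram only once the backup reproduces the live response."""
    expected = hmac.new(backup_secret, challenge, hashlib.sha1).digest()
    return hmac.compare_digest(expected, slot.respond(challenge))


def overwrite_scenario() -> dict:
    slot = HmacSlot(SLOT_SECRET)
    original_key = derive_db_key(slot, MASTER_PASSWORD, DB_CHALLENGE)
    slot.reprogram(secrets.token_bytes(20))  # another app silently rewrites slot 2
    after_overwrite = derive_db_key(slot, MASTER_PASSWORD, DB_CHALLENGE)
    slot.reprogram(SLOT_SECRET)  # recovery works only because a backup existed
    after_restore = derive_db_key(slot, MASTER_PASSWORD, DB_CHALLENGE)
    return {
        "opens_after_overwrite": hmac.compare_digest(original_key, after_overwrite),
        "opens_after_restore": hmac.compare_digest(original_key, after_restore),
        "backup_verified": safe_to_reprogram(slot, SLOT_SECRET, DB_CHALLENGE),
    }
```

The same check applies to any second key: program it with the same 20-byte secret and confirm `safe_to_reprogram`-style equality of responses before relying on it as a spare.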
007Bistromath commented
This is probably the most important security upgrade you could do. Until I can secure my account in general and especially proton pass with yubikeys, it can't completely replace keepass. I'm not putting TOTP or passkeys into something that doesn't ask for a challenge-response from one of my password-protected keys. I actually don't want my credentials in the cloud at all, but I sometimes need to share creds with people who don't touch computers enough to set up both keepass and syncthing. I'd be doing this without you if I didn't have family.
I just want to point out that if somebody who just got your service yesterday is already making an account on your feedback website and upvoting a complaint with comments going back more than a year, you're making them seriously regret their purchase.
-
danmw2003 commented
More and more people, such as myself are putting down the smartphones, and going back to dumb phones. Requiring an authenticator app is aggravating when I have physical keys on me at all times. ****** me off when I have to dig through a drawer, charge the **** thing and turn it on just for the authenticator app. I hate the GD app. Please make it go away. Sadly I know it won't because you get revenue from it. I'd rather pay an increased subscription than to subsidize app features.
-
Epm30 commented
Agreed, this is critical. Having a phishing-resistant 2FA is essential.
-
Van commented
This is a very important one, I don't want ALL my passwords locked behind a 6 digit key. Having my password behind a YubiKey would give me much more peace of mind.
-
John Shepard commented
How is this still not implemented? It boggles the mind.
-
Gerrit commented
Having all my passwords and keys in one place and needing only a PIN to access it feels wrong. I'm using a PIN, because the password is the same for all Proton services and I don't want to change it to something I can remember. I'd rather use my YubiKey together with a PIN. This way my passwords will be safe even when someone gains access to my laptop.
-
C H commented
Simply to be able to use a YubiKey to log in to Proton Pass, but it will use a separate MFA from the Proton account. Just like Extra Password. Because I like the fact that my Proton Pass locks after 5 min, but it is quite annoying to always type my long password (I do not want to use a PIN), so being able to leave my YubiKey plugged in would make it better for me.
-
Rick commented
A chain is only as strong as the weakest link. Remove the authentication app requirement so we can have a stronger chain with a passkey only.
-
Dave commented
I look forward to seeing the implementation of this new feature as indicated on your roadmap: https://proton.me/blog/proton-pass-roadmap-winter-spring
-
Данил Шаповалов commented
Turn off the auth app and leave the keys-only option available. The auth app is less secure than keys. I have four of them, so losing one is not critical at all.
-
Bob Cronin commented
In addition to physical security keys, this should also work with platform keys, like Windows Hello for instance.
-
NoThx commented
I made a ticket for this same reason. This was posted over a year ago and under review for 6 months. This is a trivial change to make, what is taking so long?
The features of Proton Pass are more or less completely defeated by locking everything behind a 6 digit pin.
What's the point of attaching my security key at all? I never need it. You offer "two password mode". Who even wants that? The second password should be the security key, and the security key should be required to return from lock out in addition to the PIN.
BETTER YET, the lock out settings should be more configurable. For example, different timer lengths on the security key vs the pin. Used the security key < 1 hour ago? Ok cool, unlock with the pin, > 1 hour you need both. Etc.
This is on top of other oddities with the security key implementation that make it unwieldy or not work very well with NFC, etc. etc. etc. Get your **** together, this should have been done 150 yesterdays ago.
Again, this is a relatively trivial change that is as others have mentioned VERY IMPORTANT for security.
If your team is incapable of implementing this then I am available for hire. Hit me up, I like extra money.
Not to mention, WHY CAN I NOT JUST USE MY PROTON LOG IN TO POST ON YOUR OWN TICKET BOARD??? YOU OFFER GOOGLE AND FACEBOOK LOG IN BUT NOT YOUR OWN?? WHO IS IN CHARGE OVER THERE????