Unlock through hardware / security key (e.g. yubikey)
In addition to unlocking our vault through a 6 digit pin, it would be nice to be able to unlock it through physical security keys.
The current 6 digit cap as well as the divided input field (2x3 digits) make it impossible to utilize such a security key when configured to output a static password.
-
Dave commented
I look forward to seeing the implementation of this new feature as indicated on your roadmap: https://proton.me/blog/proton-pass-roadmap-winter-spring
-
Bob Cronin commented
In addition to physical security keys, this should also work with platform keys, like Windows Hello for instance.
-
NoThx commented
I made a ticket for this same reason. This was posted over a year ago and under review for 6 months. This is a trivial change to make, what is taking so long?
The features of Proton Pass are more or less completely defeated by locking everything behind a 6 digit pin.
What's the point of attaching my security key at all? I never need it. You offer "two password mode". Who even wants that? The second password should be the security key and the security key should be required to return from lock out in addition to the PIN.
BETTER YET, the lock out settings should be more configurable. For example, different timer lengths on the security key vs the pin. Used the security key < 1 hour ago? Ok cool, unlock with the pin, > 1 hour you need both. Etc.
This is on top of other oddities with the security key implementation that make it unwieldy or not work very well with NFC, etc etc etc. Get your **** together, this should have been done 150 yesterdays ago.
Again, this is a relatively trivial change that is as others have mentioned VERY IMPORTANT for security.
If your team is incapable of implementing this then I am available for hire. Hit me up, I like extra money.
Not to mention, WHY CAN I NOT JUST USE MY PROTON LOG IN TO POST ON YOUR OWN TICKET BOARD??? YOU OFFER GOOGLE AND FACEBOOK LOG IN BUT NOT YOUR OWN?? WHO IS IN CHARGE OVER THERE????
-
lazar commented
The intended use case for ProtonPass makes it a place of unique importance, so being able to lock it extra tight would be very appreciated.
-
Levi commented
I kinda expected this to be there already, hope it will be added soon.
Challenge-response with YubiKey specifically is what I need.
-
user0147 commented
I'm surprised this wasn't prioritized in the initial design.
-
danieldddddd commented
Yubikey support please, on browser, desktop, and mobile.
-
datavectors commented
As a startup Proton user I am just starting to browse these user opinions. I write as a developer who started up one of the first biometric systems in U.K. based on dynamic signatures back in the '80s.
Today as an octogenarian developer I value the simplicity of using Google Titan Key to login to accounts such as Heroku. Simples!
Consider the hassle if your 2FA mobile is not available to receive. I abhor the idea of facial recognition (I resemble the old Gabby Hayes of vintage westerns). One Logitech webcam I bought to appease some accounts verifying my identity only works on Windows not Ubuntu. It only works when I dual boot from Ubuntu into Windows.
User memory of phrases or images combined with security dongle is a good compromise to complement passwords. There is too much hassle today in managing many, many subscribed accounts. And has anybody considered a "dead man's handle" process for non technical executors (not familiar with Proton) to apply when Proton account owner falls under a bus? How to verify identity of legal executor to wind down an array of active accounts? A backup Google Titan Key (held by executor) makes this succession task easier in my view.
And incidentally why stick an X post alongside this comment field? I am not interested in Musk land. Then I spotted "Post comment" further down. First time fumbling around I guess.
-
Thomas Senn commented
I’m disappointed not to be able to use YubiKey as the primary login.
-
Carlos Eduardo commented
Could also use biometrics when available
-
[Deleted User] commented
Yeah, this should have already been added.
-
Ansel commented
The absence of this feature is the reason I'm still using KeePass and will not switch to Proton Pass. As others have written, this amount of security is in my opinion crucial for something that's so security critical.
-
Geir Illing Nordvik commented
Unlocking with a security key and disabling logging in with a pin would be great.
I have the extension on my work computer, but this is a computer in a space where others can access the machine. Even though I lock it, it is still a security risk.
If the extension doesn't recognize my security key it should be locked until it is plugged in again. This would be a huge bump in security for me.
-
Niklas Gustafsson commented
Bitwarden, which also depends on e2e encryption allows you to login without username / password as long as the passkey authenticator supports PRF. It is clearly technically feasible to do. That said, it's not enough to support passkeys -- after enabling, I should be able to turn off my password entirely, as Microsoft Accounts (MSA) now support.
-
FBS commented
Given all the demands that there are on the development teams, I'd like to underline my support for this feature because a password manager clearly represents a ‘single point of security’ failure and it’s critical that access to it is secure. An external security key is therefore a critical component of its MFA. Thanks
-
César commented
As an architect/developer, it would be a powerful tool for my daily work, especially because I manage the infrastructure on cloud with IaC.
-
michael commented
Strongbox allows you to add a YubiKey not only for access but also uses it for encryption. I wish Proton would support that.
-
gk23vj5 commented
This is why I'm still using Bitwarden and not Proton Pass.
-
Shawn commented
We need support for YubiKeys for this unlock feature and we can set up how often we want the lock to occur before using the security key again.
-
Thomas Holz commented
Without the use of a YubiKey or a hardware key, nothing works here; that is basically the last line of defense before things blow up badly.
Passwordless login would of course be even better, so that only the hardware-based YubiKey would be possible > if it gets lost, unlocking would only go through certified access from an official authority, for example the police, with a certified copy of a photo ID. Apple even requires 2 hardware keys, which I find pretty extreme; if one is gone you would still have one as an "emergency" key, which could for example be kept at the bank. It does cost a bit, but ..... once someone has access to Pass, it's basically game over, and that costs considerably more.