Option to add Secret Key (like how 1Password has)
I think Proton Pass should let the user decide to add a secret key along side their master password to their Proton Pass account.
So, similar to how 1Password creates their secret key to protect 1Password users.
The option should be opt-in as the user needs to add it during the sign up process or needs to go into settings if not already configured to add to the user's Proton Pass account.
This feature adds additional security as if the master password is discovered. The account still can't be accessed without the secret key.
-
rpaulson commented
I would like to add an important point that I overlooked in my initial comment.
The combination of "Proton master password + extra password for Proton Pass" is somewhat similar to the "1Password secret key + 1Password master password" setup, but it has a significant flaw, in my opinion.
With 1Password, if I store my secret key, my 2FA secret, and my master password within the app, I can ask a trusted person (someone I would also grant emergency access if that feature were available) to securely store my secret key and 2FA secret in their password manager. In the event that I get locked out of all my devices, this trusted person could use those two pieces of information to help me regain access to my account. Crucially, while both secrets are necessary for access, they are not sufficient on their own. As long as I continue to use a strong master password, the trusted person cannot gain full access to my account.
However, this setup is not possible with Proton. If I use the extra password for Proton Pass as my main password to access the password manager, I cannot share my random, high-entropy Proton master password (which is stored only in Proton Pass) along with the 2FA secret with a trusted person. Doing so would grant them access to all my other Proton services, something I obviously want to avoid.
-
rpaulson commented
I also like the secret key feature, but I guess, if you set up an extra password for Proton Pass you can think of the Proton master password as your secret key. You'll only need it to sign in (similar to the secret key and 1Password). Afterwards you use the extra password (similar to the 1Password master password) to unlock your vaults. So even if, for example, a camera records you typing your extra password, you should be fine, as long as you have a high entropy Proton master password and a potential attacker doesn't get hold of a device that is locked but where you're signed in already.