Shareable SMS and Email 2FA
Many outdated websites don't offer 2FA apps yet, and require 2FA via SMS codes texted to your phone, or emails.
This means that even if I share a login with someone in my Proton vault, they can't log in without me sending them the 2FA code.
Obviously this is far less secure than the secret key authenticator, but when we don't have a choice it's a necessary feature.
-
h2ogeek commented
If Proton Pass users were allowed to share two-factor authentication (2FA) codes through secure links, this would significantly enhance usability and security; otherwise, a nonsecure medium may be used to share the 2FA.
Feature Overview:
1. Secure Sharing of 2FA Codes:
▪ Enable users to share 2FA codes securely with trusted contacts via a time-limited, encrypted link.
▪ Ensure the recipient can access the shared 2FA code only once or for a limited period, enhancing security.
Benefits:
• Enhanced Security: Users can collaborate or assist others without compromising their security credentials by allowing secure sharing.
• Convenience: Simplifies the process of sharing access, especially when quick collaboration is needed.
-
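A minimal sketch of the time-limited, single-use encrypted link described in the comment above, added here as an example and not Proton Pass code: the sender encrypts the code locally, the server keeps only ciphertext with an expiry and deletes it on first read, and the key travels in the URL fragment. The in-memory `store`, the `share.example` host and all function names are assumptions made for illustration.

```javascript
// Added example (hypothetical names, not Proton's implementation).
const nodeCrypto = require('node:crypto');

// Server side: id -> { blob, expiresAt }. Holds ciphertext only, never the key.
const store = new Map();

// Sender: encrypt locally, upload ciphertext, keep the key in the URL fragment.
function createShareLink(code, ttlMs, now = Date.now()) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const id = nodeCrypto.randomBytes(16).toString('hex');
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(id)); // bind the ciphertext to this link id
  const ct = Buffer.concat([cipher.update(code, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  store.set(id, { blob, expiresAt: now + ttlMs });
  // The fragment (#...) is not sent in HTTP requests, so the server never sees the key.
  return `https://share.example/s/${id}#${key.toString('base64url')}`;
}

// Server: release the ciphertext at most once, and never after expiry.
function fetchOnce(id, now = Date.now()) {
  const entry = store.get(id);
  if (!entry) return null;
  store.delete(id); // burn on first read, expired or not
  return now < entry.expiresAt ? entry.blob : null;
}

// Recipient: fetch the blob by id, decrypt with the key taken from the fragment.
function openShareLink(link, now = Date.now()) {
  const url = new URL(link);
  const id = url.pathname.split('/').pop();
  const blob = fetchOnce(id, now);
  if (!blob) return null; // unknown id, already used, or expired
  const key = Buffer.from(url.hash.slice(1), 'base64url');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(id));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was tampered with.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}
```

Passing a fixed `now` makes the expiry and single-use behaviour easy to check deterministically.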
Alex Anderson commented
Hello. Proton is almost perfect. It has perfect design and features. But one important security feature is missing.
Please add 2FA by phone SMS code when there is a login from a new, untrusted device or country.
All other big email services have it. It's a very useful security feature.
Right now you have only 2FA by app. Also, it sends the code for every new login. It's time-wasting and not comfortable.
Make available 2FA by phone SMS code only when the login is suspicious, as I explained in the beginning.
I have tried this 2FA on other email sites, and it's perfect.
This 2FA is the easiest and most comfortable to use.
P.S. Did you know many people don't use smartphones, only phones?
-
[Deleted User] commented
Very true. There is a kind of nonsense in the fact that Proton proposes to take care of our 2FAs while we have to have a 2FA application to secure our Proton account...
I want to secure my account with my phone number, and why not do what Google does: send a notification to a device already connected to the account to accept a new device.
-
S commented
Double authentication (2FA) using phone number. Proton Pass allows you to save authentication codes, but it's risky if you get disconnected. You have to find a solution for customers who trust you and who all have their account with you... At this point, either you take the risk of being logged out and permanently losing access to your account, or you disable dual authentication, which would make your account more vulnerable, or you have to download a dual authentication app just to log in to Proton... It's a bit ridiculous