Shareable SMS and Email 2FA
Many outdated websites don't offer 2FA apps yet, and require 2FA via SMS codes texted to your phone, or emails.
This means that even if I share a login with someone in my Proton vault, they can't log in without me sending them the 2FA code.
Obviously this is far less secure than the secret key authenticator, but when we don't have a choice it's a necessary feature.
-
[Deleted User] commented
Very true. There is a kind of nonsense in the fact that Proton proposes to take care of our A2Fs while we have to have an A2F application to secure our Proton account...
I want to secure my account with my phone number, and why not do what Google does: send a notification on a device already connected to the account to accept a new device. -
S commented
Double authentication (2FA) using phone number. Proton pass allows you to save authentication codes, but it's risky if you get disconnected. You have to find a solution for customers who trust you and who all have their account with you... At this point, either you take the risk of being logged out and permanently losing access to your account, or you disable dual authentication, which would make your account more vulnerable, or you have to download a dual authentication app just to log in proton.... It's a bit ridiculous