Use Security Key without Authenticator App
I would like to additionally secure my account with a security key only, not with a 2FA authenticator app.
-
Epm30 commented
Agreed, this is critical. Having a phishing-resistant 2FA is essential.
-
Devil Scheme commented
Not everyone wants to deal with authenticator apps — and honestly, I get it. They’re useful, but sometimes clunky or just not ideal in every situation. That’s why I started using a physical security key for authentication instead. It’s simple, fast, and adds a strong layer of protection without relying on your phone or an app. For people who want a more straightforward but still highly secure method, it’s a great alternative. And this kind of practical, user-friendly security is exactly what companies like Clearnetwork http://clearnetwork.com/ focus on. Since 1996, they’ve been helping organizations — both public and private — build smarter cybersecurity strategies that actually work in the real world. Whether it’s helping teams implement hardware-based security like keys, or managing complex infrastructure from behind the scenes, Clearnetwork delivers affordable solutions that make strong security accessible to everyone.
-
Van commented
This is a very important one, I don't want ALL my passwords locked behind a 6 digit key. Having my password behind a yubikey would give me much more peace of mind.
-
John Shepard commented
How is this still not implemented? It boggles the mind.
-
Gerrit commented
Having all my passwords and keys in one place and needing only a PIN to access it feels wrong. I'm using a PIN, because the password is the same for all Proton services and I don't want to change it to something I can remember. I'd rather use my YubiKey together with a PIN. This way my passwords will be safe even when someone gains access to my laptop.
-
C H commented
Simply to be able to use a Yubikey to log in to Proton Pass, but it will use a separate MFA from the Proton account. Just like Extra Password. Because I like the fact that my Proton Pass locks after 5 min, but it is quite annoying to always type my long password. (I do not want to use a PIN) so being able to leave my Yubikey plugged in would make it better for me.
-
Rick commented
A chain is only as strong as the weakest link. Remove the authentication app requirement so we can have a stronger chain with a pass key only.
-
Dave commented
I look forward to seeing the implementation of this new feature as indicated on your roadmap: https://proton.me/blog/proton-pass-roadmap-winter-spring
-
Данил Шаповалов commented
Turn off auth app and leave the keys only option available. Auth app is less secure than keys. I have four of them, losing one is not critical at all.
-
Bob Cronin commented
In addition to physical security keys, this should also work with platform keys, like Windows Hello for instance.
-
NoThx commented
I made a ticket for this same reason. This was posted over a year ago and under review for 6 months. This is a trivial change to make, what is taking so long?
The features of Proton Pass are more or less completely defeated by locking everything behind a 6 digit pin.
What's the point of attaching my security key at all? I never need it. You offer "two password mode". Who even wants that? The second password should be the security key and the security key should be required to return from lock out in addition to the PIN.
BETTER YET, the lock out settings should be more configurable. For example, different timer lengths on the security key vs the pin. Used the security key < 1 hour ago? Ok cool, unlock with the pin, > 1 hour you need both. Etc.
This is on top of other oddities with the security key implementation that makes it unwieldy or not work very well with NFC, etc etc etc. Get your **** together, this should have been done 150 yesterdays ago.
Again, this is a relatively trivial change that is as others have mentioned VERY IMPORTANT for security.
If your team is incapable of implementing this then I am available for hire. Hit me up, I like extra money.
Not to mention, WHY CAN I NOT JUST USE MY PROTON LOG IN TO POST ON YOUR OWN TICKET BOARD??? YOU OFFER GOOGLE AND FACEBOOK LOG IN BUT NOT YOUR OWN?? WHO IS IN CHARGE OVER THERE????
-
lazar commented
The intended use case for ProtonPass makes it a place of unique importance, so being able to lock it extra tight would be very appreciated.
-
Levi commented
I kinda expected this to be there already, hope it will be added soon.
Challenge-response with yubikey specifically is what I need.
-
user0147 commented
I'm surprised this wasn't prioritized in the initial design.
-
Darkwing Duck commented
Agree on all the previous comments. Security-wise, there is no point of adding a security key, if the authenticator app option must remain active. That way, the authenticator app remains the weak(er) link. Please @Proton, add this option as soon as possible.
-
Maurits commented
Really surprised it is not possible to disable the authenticator app 2FA method and use only the security key option.
-
danieldddddd commented
Yubikey support please, on browser, desktop, and mobile.
-
datavectors commented
As a startup Proton user I am just starting to browse these user opinions. I write as a developer who started up one of the first biometric systems in U.K. based on dynamic signatures back in the '80s.
Today as an octogenarian developer I value the simplicity of using Google Titan Key to login to accounts such as Heroku. Simples!
Consider the hassle if your 2FA mobile is not available to receive. I abhor the idea of facial recognition (I resemble the old Gabby Hayes of vintage westerns). One Logitech webcam I bought to appease some accounts verifying my identity only works on Windows not Ubuntu. It only works when I dual boot from Ubuntu into Windows.
User memory of phrases or images combined with security dongle is a good compromise to complement passwords. There is too much hassle today in managing many, many subscribed accounts. And has anybody considered a "dead man's handle" process for non technical executors (not familiar with Proton) to apply when Proton account owner falls under a bus? How to verify identity of legal executor to wind down an array of active accounts? A backup Google Titan Key (held by executor) makes this succession task easier in my view.
And incidentally why stick an X post alongside this comment field? I am not interested in Musk land. Then I spotted "Post comment" further down. First time fumbling around I guess.
-
Thomas Senn commented
I’m disappointed not to be able to use yubikey as the primary login.
-
Purple Dragon commented
Agreed. For increased security, I would love to disable the authenticator app ability and only login with my physical yubikeys. Perhaps the interface can force a minimum of 2 yubikeys to do this to ensure the end user has a backup plan.