Golliwog
My feedback
8 results found
-
2,292 votes
Golliwog
supported this idea
·
Golliwog
commented
I want segregated security between my password manager and my other services to:
1. reduce the frequency of use of my password manager password (every use of my password is an increased security threat).
2. decouple access to high-risk services (eg. email/calendar) from extreme-risk services (password manager).
3. allow me to disable 2FA on only my password manager as they are not suited to having 2FA enabled (chicken and egg problem).
For example, a traveling backpacker may want to check his emails at an internet café. He could use his ‘open everything’ Proton password to access his email with no 2FA (as this would require 2FA on his Pass account too) with a high risk of local security threats (eg. keylogger). Or he could open his password manager on his phone with his Proton Pass password and no 2FA, and then log into the café computer with his Proton email only password and 2FA. This second option keeps his Proton Pass password off the café computer and protects his Mail account from keyloggers using 2FA. Additionally, his risk profile is limited to only his email account.
I dislike Proton’s current implementation because:
• using one password across all Proton services is analogous to re-using the same password across multiple websites.
• having multiple passwords to access Proton Pass negates the use of a password manager – a password manager should minimise the number of passwords that need remembering.
I would recommend a tiered password system – Proton Pass password (master) can access all Proton services. Proton Mail/Calendar/Drive Password(s) can only access the services they are registered to (this may be one password for all services or different passwords for each service). I believe this would be possible with Proton’s current architecture (with or without requiring the passwords to be stored in the password manager).
Another feature could be a login via QR code where the user scans a QR code on the computer he wants to log in to, and his phone negotiates the authentication (eg. Netflix’s login system on smart TVs). But, I am not sure if this is technically possible, or practical (as a user may not always have network connectivity on their phone).
Best luck with this new feature.
-
649 votes
Golliwog
commented
On Windows too please!
(It hurts being the Windows guy...)
Golliwog
supported this idea
·
-
3,471 votes
Golliwog
commented
In Proton's defence, this is a very hard problem to solve. Contacts are deeply integrated into the Android OS where Google Play Services reside with root privileges. It is like trying to keep the chickens safe from a fox who resides IN the hen house.
I would assume it is almost impossible to accomplish this without users switching to an alternate OS like GrapheneOS. Even then, it would be very hard to achieve.
Golliwog
supported this idea
·
-
114 votes
Golliwog
supported this idea
·
-
1,738 votes
This feature is now a work in progress
Golliwog
supported this idea
·
-
216 votes
Golliwog
commented
This can be done with a box like pfSense. See https://protonvpn.com/support/pfsense-wireguard/
An issue arises when you have multiple VPNs using the same subnet. According to Proton support, multiple VPN connections from the same device are possible with this workaround:
"Regarding the feature request, you should be able to use 10.3.0.1 for gateway/DNS, and 10.3.0.2 for your IP.
It also works for 10.4.0.x, 10.5.0.x, etc. (the important thing is that the gateway should be .1)"
I have tested and confirmed the solution up to 10.8.0.x.
Also note, your WireGuard listening port (normally 51820) must be unique. I increment mine, eg. 51821, 51822, etc. for every additional connection. The peer port does not change.
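Added example, not part of the comment above and not Proton's or pfSense's own code: a small pre-flight check for a multi-tunnel plan that flags the collisions the comment warns about (shared subnet, reused listening port, gateway not on .1). The tunnel names, the dictionary layout and the /24 prefix per tunnel are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan. tun_c is deliberately wrong: it reuses tun_b's
# subnet and listening port, and its gateway is not the .1 host.
TUNNELS = [
    {"name": "tun_a", "address": "10.3.0.2", "gateway": "10.3.0.1", "listen_port": 51820},
    {"name": "tun_b", "address": "10.4.0.2", "gateway": "10.4.0.1", "listen_port": 51821},
    {"name": "tun_c", "address": "10.4.0.2", "gateway": "10.4.0.5", "listen_port": 51821},
]


def check_tunnels(tunnels, prefix_len=24):
    """Return (tunnel name, problem) tuples; an empty list means no conflicts.

    prefix_len is an assumption: the comment only gives 10.N.0.x ranges.
    """
    problems = []
    parsed = []
    for t in tunnels:
        iface = ipaddress.ip_interface(f"{t['address']}/{prefix_len}")
        gateway = ipaddress.ip_address(t["gateway"])
        # Rule from the comment: the gateway/DNS is the .1 host of the subnet.
        if gateway != iface.network.network_address + 1:
            problems.append((t["name"], "gateway-not-.1"))
        parsed.append((t["name"], iface.network, t["listen_port"]))

    # Compare every pair once; report the problem against the later tunnel.
    for (n1, net1, port1), (n2, net2, port2) in combinations(parsed, 2):
        if net1.overlaps(net2):
            problems.append((n2, f"subnet-overlaps-{n1}"))
        if port1 == port2:
            problems.append((n2, f"listen-port-reused-from-{n1}"))
    return problems


if __name__ == "__main__":
    for name, problem in check_tunnels(TUNNELS):
        print(f"{name}: {problem}")
```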
-
123 votes
Golliwog
supported this idea
·
Golliwog
commented
Tailscale is insecure if the coordination server is hosted by a third party. It effectively gives the coordination server access to someone's whole network.
With ProtonVPN, I hate that at home, from my Android phone, I cannot access my local network securely as I have to choose between Always-On VPN and 'LAN Connections'.
I think the above idea about using ProtonVPN with Tailscale exit nodes is based on a similar problem to mine. I would suggest Proton looks at my root cause issue and cooks up a better custom solution.
I would love a solution to allow access to my home network (at home and away) with all my traffic routing through a ProtonVPN gateway. (Tailscale tech could be used as a starting point.)
-
148 votes
Golliwog
supported this idea
·