Thomas Anderson
My feedback
2 results found
-
140 votes
An error occurred while saving the comment An error occurred while saving the comment Good point Forged.
This security option should indeed apply to other OSes as well, such as Mac OS X and Linux.The Proton team has always strived for the best in terms of security and privacy.
So I trust that they will also read this comment section and if they're going to implement it for one OS, it would seem logical they will add this for other OSes as well.
An error occurred while saving the comment Great additions shopping887 and Schteek2000! I would like those features as well.
-
922 votes
An error occurred while saving the comment The things is: using e-mail by definition exposes your username to others. That same username is used to login.
Why would we expose this username externally at all?
A custom username (e.g. 20 or more random characters) being the only credential that can be used prevents this.
An error occurred while saving the comment Dear Proton,
First of all thank you for all the great work and efforts, I think you are a fantastic company. For real!
The situation is, many of us may have used our protonmail e-mail addresses in the past to register at external websites (shops etc.) way before Simplelogin was introduced.
Having multiple e-mail addresses that are able to login to the master Proton account increases the attack surface, if a hacker breaches a webshop and obtains our Proton e-mail addresses.
Could we please gain the option to login with a custom username only and disable all login with protonmail.com, proton.me and pm.me e-mail addresses? So the option = only authenticate with 1 custom username.
This way we can create a long secret username that is never shared externally, e.g. in your password manager, and it increases the security because any e-mail addresses that might have been obtained in the various recent breaches are not able to login to the Protonmail account (e.g. if they try to bruteforce it.)
The ideal scenario would be:
Login with password, secret username and 2FA = never shared externally. Only credential with authorization rights to login.
Protonmail / proton.me / pm.me = rarely shared externally. Can only send mail, use Proton functions.
Simplelogin domains = freely shared externally for e-mail purposes, create new alias when compromised and disable old one.
This is not paranoid. Take a look at the news recently. The current cybersecurity climate demands us all to step up our game and remain ahead. Please implement this.
Thanks for reading this far.
Thrr-Gilag that was the first thing that I tried actually, way back.. however this appears to not be the case. Because this results in an error during the setup process of your Proton folder (when choosing the location). It then says it cannot use this sort of drive to configure a Proton Drive folder.
In a similar fashion it also gives this error when putting the Proton folder on a network drive. You can only seem to choose a local physical disk as a sync folder for Proton Drive (in Windows).
Perhaps you mean the other way around? Putting a Veracrypt volume file container inside the Proton folder. That is possible. But that is a hassle though, because you then still have to use another application to do something the app should be able to do by itself. As Proton Drive Windows should mimc the functionality and security of Proton Drive online, i.e. being encrypted. It simply the extension of functionality that already exists in the cloud, to the on-premise local PC.
I think Proton Drive is a great idea, which is why my viewpoint is - why would you first create a very secure cloud storage, encrypted, with 2FA etc.
And then create an extension to that functionality to a local PC, but 're-open the doors' you so carefully shut for security reasons in the cloud?
Now everybody's use case is different of course. So that's why I mentioned it should be an option. So users who want to keep things as it is can choose a less restrictive security option.