denby41
My feedback
6 results found
-
2,293 votes
An error occurred while saving the comment denby41
supported this idea
·
-
507 votesdenby41
supported this idea
·
-
114 votesdenby41
supported this idea
·
-
1,738 votes
This feature is now a work in progress
denby41
supported this idea
·
-
219 votesdenby41
supported this idea
·
-
577 votesdenby41
supported this idea
·
Given the single-sign-on account cookie hijacking threat described here, in a 2018 helpnetsecurity.com article:
https://www.helpnetsecurity.com/2018/08/22/single-sign-on-account-hijacking-threat/
I am extremely concerned about the risks entailed in the use of my ProtonMail password for any other Proton services.
In response to the comment below, by Jelmer Hartman, users should have the option to employ as much security to their E2E encrypted accounts as they wish. Perhaps it is true that some may wish to use a simple password to secure their password managers, but others of us are coming from outside password managers which already have a complex master password that we have known for years, and which, additionally,, is backed up, elsewhere, in the event that there is ever a problem with it. In that scenario, it is not so much a matter of wanting to store a strong password and secure it with a weak password -- OR one of securing a weak password with another weak one -- but basic account security to require unique strong passwords for every individual critical account. I, myself, do not have any technical computer training, but the lack of this capability through Proton's leaving of the initial password in place and simply adding another one to it, both of which can be used to access ProtonPass, is what is stopping me dead in my tracks from adopting their password manager. Until this product is capable of being secured as well as my current password manager (leaving my ProtonMail account also fully secured), it will not be a serious option for me to consider employing.