ProtonUser
My feedback
1 result found
-
148 votes
An error occurred while saving the comment An error occurred while saving the comment ProtonUser
commented
Why not have it locked (and thus also encrypted) but to unlock you can use your MFA token/pin/... to unlock it, similar to how you would normally login to the web app?
Ofc, this does also mean that your password (and to a lesser degree your email address) would also be encrypted and not be stored somewhere in clear text on the system.ProtonUser
supported this idea
·
It's not silly. Whilst yes it's true that a keylogger/screenshot spyware is still a risk, it's all about limiting risks. Additional if the app locks the idea should be that it's encrypted in memory making it so that even if windows is locked or another user is logged in they're unable to dump the memory (technically they're still able to dump the memory but it's encrypted data so it's next to worthless, ofc assuming the encryption is safe and doesn't leak the key). (Or when your device is stolen and not shut down).
And arguing that if someone has installed spyware on your unlocked system is a void argument as it would apply to everything even the web app and your bank account, those also lock after a certain amount of time. And whilst information leakage is still at risk here it does prevent the risk of someone using your account in your name. Even protects it against autockickers and hand-on-keyboard activity