rpaulson
My feedback
13 results found
-
Recovery phrases shouldn't be instant access – A safer alternative: recovery phrase + delayed access
5 votesAn error occurred while saving the comment An error occurred while saving the comment rpaulson
commented
ADDITION: 1Password preserves 2FA by requiring email verification during recovery. However, this approach is far from ideal. Many users store their email credentials within the password manager itself, creating a circular dependency with no clear point of entry in case of lockout. In my view, a delayed access mechanism would be a more practical and robust solution.
rpaulson
shared this idea
·
-
2,294 votes
An error occurred while saving the comment rpaulson
commented
Potentially helpful information for other users:
I was surprised to learn that Proton Support can reset the extra password (confirmed by their support team), while the recovery phrase cannot be used to reset it. This indicates that the extra password is not part of the end-to-end encryption process, but rather functions as an additional authentication step. It would be helpful if this were clearly explained next to the option to enable the extra password.I also support the feature request mentioned here: it would be greatly appreciated if Proton Pass offered a true separate password that is used both for authentication and encryption.
rpaulson
supported this idea
·
-
2,633 votes
Subscribers now have access to offline view with the introduction of the Proton Pass desktop app for Windows:
For more information, including what's coming next, check out: https://proton.me/blog/proton-pass-windows-app
rpaulson
supported this idea
·
-
102 votesrpaulson
supported this idea
·
-
518 votesrpaulson
supported this idea
·
-
1,374 votesrpaulson
supported this idea
·
-
15 votes
An error occurred while saving the comment rpaulson
commented
+1
I agree, it's quite frustrating.
In my opinion, a new user (i.e., someone setting up a device for the first time) should be asked about their preferences (such as theme, autofill, autosave, etc.) and those choices should be saved as their default settings. However, users shouldn't need to reconfigure all these settings every time they log in from a new device, or even from a known device after logging out and logging back in.
If users want to deviate from their default settings on a specific device, they can simply adjust them. Most users are aware that apps typically have a settings menu—there’s no need to present all these options every time they log in.
rpaulson
supported this idea
·
-
15 votes
An error occurred while saving the comment rpaulson
commented
I would like to add an important point that I overlooked in my initial comment.
The combination of "Proton master password + extra password for Proton Pass" is somewhat similar to the "1Password secret key + 1Password master password" setup, but it has a significant flaw, in my opinion.
With 1Password, if I store my secret key, my 2FA secret, and my master password within the app, I can ask a trusted person (someone I would also grant emergency access if that feature were available) to securely store my secret key and 2FA secret in their password manager. In the event that I get locked out of all my devices, this trusted person could use those two pieces of information to help me regain access to my account. Crucially, while both secrets are necessary for access, they are not sufficient on their own. As long as I continue to use a strong master password, the trusted person cannot gain full access to my account.
However, this setup is not possible with Proton. If I use the extra password for Proton Pass as my main password to access the password manager, I cannot share my random, high-entropy Proton master password (which is stored only in Proton Pass) along with the 2FA secret with a trusted person. Doing so would grant them access to all my other Proton services, something I obviously want to avoid.
An error occurred while saving the comment rpaulson
commented
I also like the secret key feature, but I guess, if you set up an extra password for Proton Pass you can think of the Proton master password as your secret key. You'll only need it to sign in (similar to the secret key and 1Password). Afterwards you use the extra password (similar to the 1Password master password) to unlock your vaults. So even if, for example, a camera records you typing your extra password, you should be fine, as long as you have a high entropy Proton master password and a potential attacker doesn't get hold of a device that is locked but where you're signed in already.
rpaulson
supported this idea
·
-
651 votesrpaulson
supported this idea
·
An error occurred while saving the comment rpaulson
commented
+1
-
26 votes
An error occurred while saving the comment rpaulson
commented
I also miss a feature that allows you to easily distinguish between two accounts.
A simple workaround is to create a filter in each account that applies a label "Account1" and "Account2" with two different colors to all incoming mails. Not the ideal solution, but at least there is a visual indication of which account is active.
rpaulson
supported this idea
·
-
31 votes
An error occurred while saving the comment rpaulson
commented
I agree. It's currently the only reason that stops me from subscribing to Proton Family.
Proton Unlimited (1 user) = 3 domains
Proton Duo (2 user) = 3 domains
Proton Family (6 user) = 3 domainsMakes no sense to me =)
I get that it's maybe not necessary to have 6 x 3 = 18 domains, but it should upscale at least a little bit compared to the individual plan.
rpaulson
supported this idea
·
-
358 votesrpaulson
supported this idea
·
-
147 votesrpaulson
shared this idea
·
With the new Emergency Access feature, it's now possible to set up a recovery phrase that includes a delayed access mechanism. Proton subscribers can create a second free account (if permitted by Proton) and designate it as a trusted contact.
By securely storing the recovery phrase for this secondary account, users can ensure immediate access to this trusted account, which in turn provides delayed access to the primary account. This setup offers an additional layer of security and control for account recovery.
That said, IMO it would be ideal if this workaround weren’t necessary, and the recovery phrase itself supported delayed access directly.