I'm absolutely shocked.
I paid for an Unlimited subscription and specifically bought hardware security keys (YubiKeys) because Proton advertises support for them.
Only now do I discover that it's impossible to disable the TOTP app and use hardware keys as the sole 2FA method.
This completely defeats the entire purpose of having a phishing-resistant hardware key: the overall account security is reduced to the weakest link (a 6-digit TOTP code that can be phished, stolen from a phone backup, or extracted by malware).
Right now my expensive keys are basically useless for protecting my Proton account, and the security level is no better than any free provider that only offers TOTP.
This has been the #1 or #2 most requested feature for over 4 years with thousands of votes, yet there's still no ETA.
I feel misled.