Proton warns to not use 2fa from Proton Pass for your Proton account.
this post was submitted on 16 Jan 2024
30 points (94.1% liked)
Asklemmy
43771 readers
1843 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
Yeah, from what I've read the best approach is a different service for 2fa and/or something involving backups and a physical safe.
What? Really?
Yes. I seem to recall that it will change later on, but i don't know when
Sounds like it's time for some correcthorsebatterystaple!
Password manager inception. Sign up for last pass, and bitwarden, and Google auth and Ms auth. Get a burner phone and rotate and change passwords monthly.
...sorry for my useless post.
Use a passphrase (not a password) and a physical security key, like a yubikey. It also supports TOTP or whatever 2fa Proton uses, you just connect it with a laptop or phone and it gives you a key.
A physical key is much more secure than 2fa from a password manager (although both are probably fine)
In my opinion the centralization of all your data and secrets to one single company is itself a security risk. When I realized that, I completely stopped using proton. I see 2 main issues with using all-proton: 1. they could turn evil (like a lot of big companies do) 2. They can have exploits which then can effect all your data / secrets. I switched to have a different company for each service and I don't really pay more than what I would have to pay proton to get the same things.
Best thing you can do is learn a very strong and complex password to use for your proton account, that's what I did.
It takes a bit of time but eventually you'll learn to type it in fast.
Okay lets say I set a memorable password then I would also be removing 2fa from account as well?
I use all of Protonβs products as well. Iβve found a Yubikey works best for the 2FA codes. Iβm also working on having a backup password manager
Im in the same boat. They really need to allow a second password for the pass database.
Maybe diceware passwords can help you?
proton pass has a few non-email avenues to recovery. check it out.
I use a password manager
Proton pass is a password manager but it uses the same account as proton mail. So I can't have a secure password for proton mail as I would have to use it to login to proton pass first.
Useless
Either have a strong password and write it down somewhere, or use another password manager for proton? That seems kinda unnecessary though. Would be nice if proton supported yubikey or passkey or something.