this post was submitted on 28 Nov 2023
16 points (100.0% liked)

Proton

5246 readers
152 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

I'm migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I'm stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I'm in, I can use Pass for the rest of the 2FAs?

What do you do?

all 16 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 11 months ago* (last edited 11 months ago)

It’s recommended to keep your Proton 2FA separate from Proton Pass. I think they wrote a blog post about it, I’ll link it here if I find it

Edit:

Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

https://proton.me/support/pass-2fa

[–] [email protected] 3 points 11 months ago (1 children)

Not an answer to your question, just another one connected to it: Is using the same software for storing passwords and 2FA beating the whole purpose of 2FA in some way? For example if someone can get a hold of your proton account somehow, there's no additional layer of security provided by the 2FA.

[–] akilou 2 points 11 months ago (1 children)

I thought the same thing which is why I'm only switching over now. I switched one account just as a test, but I liked being able to access it from the browser. Maybe it's less secure but only if someone gets my Proton account itself, which is protected by 2fa in a different app.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

Understandable. I'm also struggling sometimes to find the right balance between comfort and security/privacy.

[–] [email protected] 2 points 11 months ago

I actually use a YubiKey (WebAuth)for my password manager. But I also have my OTPs in Aegis that's locally backed up.

[–] netchami 1 points 11 months ago (1 children)

Authy really sucks, you can use Aegis on Android or ente Auth on iOS.

[–] akilou 1 points 11 months ago (1 children)

Sure but do I split off my Proton account from the rest?

[–] netchami 1 points 11 months ago (1 children)

What do you mean? You just add your Proton Account to an authenticator app (not Proton Pass) and you keep all of your other stuff in Proton Pass.

[–] akilou 1 points 11 months ago (1 children)

That is what I mean. Does it make sense to have one app (Aegis) just for one account (Proton) and then another app (Pass) for all other 2FAs?

[–] netchami 1 points 11 months ago

There's nothing wrong with this setup. Of course, it's more secure to keep your passwords separate from your 2FA tokens, I store them in Aegis and only use my password manager for my credentials.