Proton releases a new app for two-factor authentication
-
cross-posted from: https://piefed.zip/post/289079
-
I guess it's kinda nice. They already had this in Proton Pass, but I guess not all accounts have access to that as a bundle maybe?
-
Hmm... I'm not sure about having an authenticator app on a desktop computer.
Like you are putting all your eggs in one basket. Password managers, and your emails already go to one place for authentication. Adding an authenticator means if your computer is compromised, a person can have access to more accounts.
I always figured this is why desktop authenticator apps aren't a thing.
-
That’s amazing
-
Hmm... I'm not sure about having an authenticator app on a desktop computer.
Like you are putting all your eggs in one basket. Password managers, and your emails already go to one place for authentication. Adding an authenticator means if your computer is compromised, a person can have access to more accounts.
I always figured this is why desktop authenticator apps aren't a thing.
The alternative for people who want a convenience factor is putting it all in the same location. For example, the only thing Authy for desktop closing did for me was make it so I no longer had an isolated app for both 2FA and passwords, because now it's just all in my password manager.
I don't always have my phone on me 24x7, so the inability to access things on my desktop is a massive nope for me.
The way I looked at it, it's no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.
This application might make me go back into having the two isolated systems, because it removes the massive inconvenience factor
-
Fantastic, wish they prioritised stuff like this instead of AI but at least it's here now. Now please make a dedicated contacts app so I can stop using Google contacts too!
-
fuck yeah, goodbye authy
-
So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.
I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.
But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I'm not sure the attack surface really is smaller anymore. So, if you're in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.
And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.
-
The way I looked at it, it’s no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn’t be on desktop argument never made sense to me, mobile is the same way.
That is true. And more phones are stolen now than computers. Computers can have the same security and encryption if properly configured.
Even though you make a logical point, something in my gut doesn't feel right.
-
So the two-factor authentication apps shouldn't be on desktop argument never made sense to me, mobile is the same way.
I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.
But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I'm not sure the attack surface really is smaller anymore. So, if you're in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.
And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.
That makes sense. I hadn't really looked at it from the angle of most apps are going on devices anyway. Mine was just because of the fact that it's super annoying having to have my phone on me at all times for two-factor authentication. Especially considering that most 2FA apps require you to sign in in order to use them anyway.
Also, yeah, that was my ideology when I threw them into my password manager: if they can manage to breach a device, find my private key that's used to lock the database, and figure out the password for the database, something far worse has gone wrong and losing my passwords is the least of my issues.
-
But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I’m not sure the attack surface really is smaller anymore. So, if you’re in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.
This makes sense and puts holes in my statement. I also feel like more people are willing to install shady stuff on their phones than their desktop now. I have no sources for this though.
-
Been using Aegis on Android and managing my own backups but maybe switch or use for things I care less for just for simplicity
-
I currently have all of my 2FA codes in Pass except for my Proton account itself, which I have in Aegis, backing up to my home server.
It looks like you can easily export from Aegis to Proton Authenticator and you can use PA without a Proton account, which I think I might do. I don't want to use my PA app with my Proton account to hold my Proton account 2FA code. I'll end up locked out of the house with the keys inside.
-
Ehhhh but they already have this in Proton Pass?
E: found this in the FAQ
Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email aliases and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.
If you already use Proton Pass, I think I'd recommend Ente Auth instead. That's what I use.
-
Ehm… you guys know that behind ~~all~~many major VPN companies there’s the isræli government right?
-
Ehm… you guys know that behind ~~all~~many major VPN companies there’s the isræli government right?
Justifiable concerns - luckily neither Proton nor Mullvad are on that list.
-
Ehm… you guys know that behind ~~all~~many major VPN companies there’s the isræli government right?
But few people know that a considerable chunk of that market—including three of the six most popular VPNs—is quietly operated by an Israeli-owned company with close connections to that country’s national security state,
But we're not gonna tell you which ones!
-
Been using Aegis on Android and managing my own backups but maybe switch or use for things I care less for just for simplicity
yes Aegis is awesome
-
I guess it's kinda nice. They already had this in Proton Pass, but I guess not all accounts have access to that as a bundle maybe?
Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email aliases and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.
Seems like basically an ad platform/gateway to Pass.
-
Ehm… you guys know that behind ~~all~~many major VPN companies there’s the isræli government right?
No, we don't know that. And neither do you.