ProtonMail is the latest company to allow the use of physical security keys to log into accounts via two-factor authentication. Proton is a Swiss-based company that offers many popular services such as end-to-end encryption ProtonMail.
According to ProtonMail, the company recognizes that users are looking for better protection of sensitive data and prevent hackers and third parties from accessing it. The final step of enabling consumers to use security keys in 2FA logging into their accounts aims to improve the security and privacy of user data and reduce the possibility of email security threats such as phishing scams.
So far, ProtonMail has used time-sensitive verification codes/time-based one-time passwords (TOTP) created by an authenticator application installed on the mobile device. However, although this is a more secure method than sending the code in SMS messages to the device, it has one drawback: the period for entering the received code was relatively short.
Now, the company allows users to perform 2FA through security keys to eliminate the hassle for good. And it will make the user more confident about the security of their data due to the possession element as they would have the key physically.
Another benefit is that consumers can use the built-in security key to verify their identity using Windows Hello, or Biometric data based on Apple Touch ID.
Regarding the keys it will support, ProtonMail Explain that for now it would support YubiKey and FIDO2 (Fast IDentity Online) or U2F (Universal 2nd Factor) compliant keys.
For your information, Yubi Key is a hardware authentication device used to protect access to networks, computers and online services. It supports OTP (one-time passwords), verification and public key cryptography.
Physical security keys are an easy way to provide additional protection, because even if a victim is tricked into entering credentials on a phishing site, it is difficult to compromise the target account without physically possessing the key itself. same.
Andy Yen, Founder and CEO of Proton
This step by ProtonMail paved the way for the use of mobile devices as security keys, and the company aims to expand its support for various other options.
- ProtonMail’s Free ProtonVPN to Fight Online Censorship
- Email encryption service provider ‘ProtonMail’ now on Tor
- German court forces Tutanota to let authorities read emails
- “ProtonMail Contacts” launches an encrypted contacts manager
- Microsoft prohibits Tutanota users from registering MS Teams accounts