Fairly new to Proton, only using it as a backup for Bitwarden and likely to quit altogether for the below-mentioned reasons. Its security policies are a pure joke for the actually opsec-conscious users, especially for an app trying to position itself as a leader in this field.
It's universally agreed that any system is only as strong as its weakest link. Now you can give me all the reasons in the world for making an authenticator app mandatory MFA on top of the hw keys (avoiding user lockouts, keys not being fully rolled out, etc.), but the bottom line is YOU CAN'T USE HW KEY SECURITY ON PROTON. On top of passwordless hw keys (the industry gold standard) not even being an option at all on Proton, YK U2F's security is negated altogether by the requirement to always have the authenticator app enabled to use the YK as MFA lol
My whole opsec system is built around the safest YK option for authentication; I have multiple keys and a decent recovery protocol. So the only way I see for me to keep using Proton Drive even a little bit is by deleting its 2FA secret from the authenticator app altogether while securing that secret key with the YK (in case I'd need the app for some stupid security setting etc.). But it's far from ideal ofc.
from hacking: security in practice https://ift.tt/VBaYRHw