Proton warns to not use 2fa from Proton Pass for your Proton account.
this post was submitted on 16 Jan 2024
30 points (94.1% liked)
Asklemmy
43290 readers
1303 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
Yeah, from what I've read the best approach is a different service for 2fa and/or something involving backups and a physical safe.
Sounds like it's time for some correcthorsebatterystaple!
Correcthorsebatterystaple is good and all, and I'm probably literally the only person dumb enough to have this problem, but because of it my work password, which I have to type multiple times in a row regularly throughout the day due to our protocols, is 45 characters long. This is not an exageration, I counted.
Should I have picked something shorter since I already knew how often I would need to type it? Yes. Should I just bite the bullet and reset it early? Also yes. Don't be like ol' uncle Hazzia, kids.
Okay yeah I'll admit that's pretty bad, haha. The only password I actually know nowadays is the passphrase to my Keepass database, which clocks in at 40 characters. I rarely say this to people, but have you considered a shorter password? :P
I don't even know my master password :D I use some script to generate it and I just copy+paste it.
Password manager inception. Sign up for last pass, and bitwarden, and Google auth and Ms auth. Get a burner phone and rotate and change passwords monthly.
...sorry for my useless post.
Use a passphrase (not a password) and a physical security key, like a yubikey. It also supports TOTP or whatever 2fa Proton uses, you just connect it with a laptop or phone and it gives you a key.
A physical key is much more secure than 2fa from a password manager (although both are probably fine)
In my opinion the centralization of all your data and secrets to one single company is itself a security risk. When I realized that, I completely stopped using proton. I see 2 main issues with using all-proton: 1. they could turn evil (like a lot of big companies do) 2. They can have exploits which then can effect all your data / secrets. I switched to have a different company for each service and I don't really pay more than what I would have to pay proton to get the same things.
Best thing you can do is learn a very strong and complex password to use for your proton account, that's what I did.
It takes a bit of time but eventually you'll learn to type it in fast.
Okay lets say I set a memorable password then I would also be removing 2fa from account as well?
I use all of Protonβs products as well. Iβve found a Yubikey works best for the 2FA codes. Iβm also working on having a backup password manager
Im in the same boat. They really need to allow a second password for the pass database.
Sorry if it's a dumb question, but why not just change your account password to something you'd use for a pass database?
Yeah that's already how it works. That's why in certain browsers logging in takes forever if you have a ton of mail, it has to decrypt the metadata of each email, then the contents when you click that email. Try enabling email content search on proton with over 5k emails.
proton pass has a few non-email avenues to recovery. check it out.
Maybe diceware passwords can help you?
I use a password manager
Proton pass is a password manager but it uses the same account as proton mail. So I can't have a secure password for proton mail as I would have to use it to login to proton pass first.
Useless
Either have a strong password and write it down somewhere, or use another password manager for proton? That seems kinda unnecessary though. Would be nice if proton supported yubikey or passkey or something.