I’m migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I’m stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I’m in, I can use Pass for the rest of the 2FAs?

What do you do?

  • @[email protected]
    link
    fedilink
    English
    13
    edit-2
    1 year ago

    It’s recommended to keep your Proton 2FA separate from Proton Pass. I think they wrote a blog post about it, I’ll link it here if I find it

    Edit:

    Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

    https://proton.me/support/pass-2fa

    • @NelizeaM
      link
      English
      11 year ago

      Honestly speaking, nothing is going to happen with two accounts and a normal usage.

    • @alex_herreroM
      link
      English
      11 year ago

      You shouldn’t use multiple free accounts. That’s on their TOS. But you can have multiple paid accounts, or one free and a paid account, sure thing.

  • @barcaxavi
    link
    English
    41 year ago

    Not an answer to your question, just another one connected to it: Is using the same software for storing passwords and 2FA beating the whole purpose of 2FA in some way? For example if someone can get a hold of your proton account somehow, there’s no additional layer of security provided by the 2FA.

    • @[email protected]OP
      link
      fedilink
      English
      21 year ago

      I thought the same thing which is why I’m only switching over now. I switched one account just as a test, but I liked being able to access it from the browser. Maybe it’s less secure but only if someone gets my Proton account itself, which is protected by 2fa in a different app.

      • @barcaxavi
        link
        English
        1
        edit-2
        1 year ago

        Understandable. I’m also struggling sometimes to find the right balance between comfort and security/privacy.

    • @[email protected]
      link
      fedilink
      English
      111 months ago

      Yes and no. You’re correct that if someone compromises your proton account, the 2fa does nothing. But in the other hand, if someone were to acquire your credentials some other way, they may still only have the username and password, and maybe the time-dependent 2fa code. So I would argue it’s better than no 2fa but somewhat inferior to using a separately authenticated 2fa app/device.

  • @[email protected]
    link
    fedilink
    English
    21 year ago

    I actually use a YubiKey (WebAuth)for my password manager. But I also have my OTPs in Aegis that’s locally backed up.