Thank you for your comment. I was also confused initially before reading properly. I thought, ‘What? But isn’t the Proton 2FA thing paid? What do they gain by making it free?’ It seems that most people are not willing to use this new app, though. Ente, Aegis, whatever the alternative is, there doesn’t seem to be a reason to use this new authenticator from Proton instead. I wonder what their goal is here. Is it simply to expand their app ‘ecosystem’?
Comment on Proton releases a new app for two-factor authentication
artyom@piefed.social 1 month ago
Ehhhh by they already have this in Proton Pass?
AncientConnection@lemmy.ml 1 month ago
artyom@piefed.social 1 month ago
There are ads in the app for Proton Pass, so that's my best guess.
pulsewidth@lemmy.world 1 month ago
It is very wise to store your 2FA codes separately from your general login credentials. If one is breached, the other protects it (hence, two factor). If both are breeched, your account is hosed.
Same deal when setting up 2FA on an account and they provide some ‘one time use’ 2FA codes, they generally say ‘do not store these with your standard password credentials - keep them secure and separate’.
artyom@piefed.social 1 month ago
Correct. However it's worth noting that passwords are almost always compromised server-side. So 2FA is far more a mitigation of data breaches from the provider, rather than your password manager being breached.
pulsewidth@lemmy.world 1 month ago
Feels like everyone has forgotten when LastPass was breached, and that was barely three years ago.
Any affected LastPass users storing their 2FA backup codes in with the rest of their login data got a rude awakening.
Anyone who had them separate was at least able to rescue those accounts. But hey do what you like people, I know convenience usually trumps security.
artyom@piefed.social 1 month ago
As far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.
BlameTheAntifa@lemmy.world 1 month ago
You really should not keep your MFA codes in the same place as your passwords, especially if you are syncing those passwords between devices and/or a cloud service.
artyom@piefed.social 1 month ago
Yes that's why I said:
BlameTheAntifa@lemmy.world 1 month ago
Aha. Sorry, I misunderstood. I saw the first line about Proton Pass already supporting MFA and I wasn’t familiar with Ente Auth. I did just look it up and I can’t believe I’ve never heard of it before. It’s even AGPL-3.0, be still my beating heart! Thank you for pointing it out!
ente.io for anyone curious.
steal_your_face@lemmy.ml 1 month ago
I use ente photos too and I like it
artyom@piefed.social 1 month ago
Yes, the biggest difference is that Proton Auth seems to work without an account.