this post was submitted on 31 Jul 2025
268 points (95.0% liked)

Technology

73503 readers
4491 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
268
Proton releases a new app for two-factor authentication (techcrunch.com)
submitted 2 days ago* (last edited 2 days ago) by RmDebArc_5@piefed.zip to c/technology@lemmy.world
98 comments fedilink hide all child comments
 

cross-posted from: https://piefed.zip/post/289079

Proton Authenticator Blogpost

you are viewing a single comment's thread
view the rest of the comments
[–] artyom@piefed.social 21 points 2 days ago* (last edited 2 days ago) (3 children)

Ehhhh but they already have this in Proton Pass?

E: found this in the FAQ

Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email alises and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.

If you already use Proton Pass, I think I'd recommend Ente Auth instead. That's what I use.

[–] BlameTheAntifa@lemmy.world 18 points 1 day ago (1 children)

You really should not keep your MFA codes in the same place as your passwords, especially if you are syncing those passwords between devices and/or a cloud service.

[–] artyom@piefed.social 13 points 1 day ago (1 children)

Yes that's why I said:

If you already use Proton Pass, I think I'd recommend Ente Auth instead

[–] BlameTheAntifa@lemmy.world 6 points 1 day ago (2 children)

Aha. Sorry, I misunderstood. I saw the first line about Proton Pass already supporting MFA and I wasn’t familiar with Ente Auth. I did just look it up and I can’t believe I’ve never heard of it before. It’s even AGPL-3.0, be still my beating heart! Thank you for pointing it out!

https://ente.io/ for anyone curious.

[–] steal_your_face@lemmy.ml 4 points 1 day ago

I use ente photos too and I like it

[–] artyom@piefed.social 2 points 1 day ago

Yes, the biggest difference is that Proton Auth seems to work without an account.

[–] AncientConnection@lemmy.ml 2 points 1 day ago (1 children)

Thank you for your comment. I was also confused initially before reading properly. I thought, 'What? But isn't the Proton 2FA thing paid? What do they gain by making it free?' It seems that most people are not willing to use this new app, though. Ente, Aegis, whatever the alternative is, there doesn't seem to be a reason to use this new authenticator from Proton instead. I wonder what their goal is here. Is it simply to expand their app 'ecosystem'?

[–] artyom@piefed.social 1 points 1 day ago

There are ads in the app for Proton Pass, so that's my best guess.

[–] pulsewidth@lemmy.world 0 points 1 day ago (1 children)

It is very wise to store your 2FA codes separately from your general login credentials. If one is breached, the other protects it (hence, two factor). If both are breeched, your account is hosed.

Same deal when setting up 2FA on an account and they provide some 'one time use' 2FA codes, they generally say 'do not store these with your standard password credentials - keep them secure and separate'.

[–] artyom@piefed.social 8 points 1 day ago (1 children)

Correct. However it's worth noting that passwords are almost always compromised server-side. So 2FA is far more a mitigation of data breaches from the provider, rather than your password manager being breached.

[–] pulsewidth@lemmy.world 3 points 1 day ago (1 children)

Feels like everyone has forgotten when LastPass was breached, and that was barely three years ago.

Any affected LastPass users storing their 2FA backup codes in with the rest of their login data got a rude awakening.

Anyone who had them separate was at least able to rescue those accounts. But hey do what you like people, I know convenience usually trumps security.

[–] artyom@piefed.social 1 points 1 day ago (1 children)

As far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.

[–] pulsewidth@lemmy.world 0 points 13 hours ago* (last edited 13 hours ago)

That's just scratching the surface. Peoples credentials are increasingly captured by information stealer malware, including attacks on Keepass. So that 'almost always' ain't right regardless.

The goal of 2FA is to be 'something you have' like an authenticator device or auth app on your phone, working as a secondary verifier that you are who you say you are to the 'something you know' being your password. So if you store 2FA codes with your password then you just have two sets of 'something you know' which is far less secure - and leaves you more vulnerable.

Of course, it doesn't matter much with stuff like a low value forum account that has 2FA, but I certainly wouldn't put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It defeats the purpose.