I’m migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I’m stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I’m in, I can use Pass for the rest of the 2FAs?

What do you do?

  • governorkeagan@lemdro.id
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    1 year ago

    It’s recommended to keep your Proton 2FA separate from Proton Pass. I think they wrote a blog post about it, I’ll link it here if I find it

    Edit:

    Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

    https://proton.me/support/pass-2fa

  • barcaxavi@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Not an answer to your question, just another one connected to it: Is using the same software for storing passwords and 2FA beating the whole purpose of 2FA in some way? For example if someone can get a hold of your proton account somehow, there’s no additional layer of security provided by the 2FA.

    • akilouOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I thought the same thing which is why I’m only switching over now. I switched one account just as a test, but I liked being able to access it from the browser. Maybe it’s less secure but only if someone gets my Proton account itself, which is protected by 2fa in a different app.

  • randombullet@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I actually use a YubiKey (WebAuth)for my password manager. But I also have my OTPs in Aegis that’s locally backed up.

    • akilouOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Sure but do I split off my Proton account from the rest?

      • Free Palestine 🇵🇸
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        What do you mean? You just add your Proton Account to an authenticator app (not Proton Pass) and you keep all of your other stuff in Proton Pass.

        • akilouOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That is what I mean. Does it make sense to have one app (Aegis) just for one account (Proton) and then another app (Pass) for all other 2FAs?

          • Free Palestine 🇵🇸
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            There’s nothing wrong with this setup. Of course, it’s more secure to keep your passwords separate from your 2FA tokens, I store them in Aegis and only use my password manager for my credentials.