I’m migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I’m stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I’m in, I can use Pass for the rest of the 2FAs?

What do you do?

  • governorkeagan@lemdro.id
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    11 months ago

    It’s recommended to keep your Proton 2FA separate from Proton Pass. I think they wrote a blog post about it, I’ll link it here if I find it

    Edit:

    Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

    https://proton.me/support/pass-2fa

  • barcaxavi@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Not an answer to your question, just another one connected to it: Is using the same software for storing passwords and 2FA beating the whole purpose of 2FA in some way? For example if someone can get a hold of your proton account somehow, there’s no additional layer of security provided by the 2FA.

    • akilou@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      I thought the same thing which is why I’m only switching over now. I switched one account just as a test, but I liked being able to access it from the browser. Maybe it’s less secure but only if someone gets my Proton account itself, which is protected by 2fa in a different app.

  • randombullet@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    I actually use a YubiKey (WebAuth)for my password manager. But I also have my OTPs in Aegis that’s locally backed up.