I’m migrating the handful of accounts that I have 2FA set up in from using Authy to using Proton Pass. But I’m stuck on my Proton account itself. Should I keep Authy just for my Proton account and then once I’m in, I can use Pass for the rest of the 2FAs?

What do you do?

  • governorkeagan@lemdro.id
    10 months ago

    It’s recommended to keep your Proton 2FA separate from Proton Pass. I think they wrote a blog post about it, I’ll link it here if I find it.

    Edit:

    Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

    https://proton.me/support/pass-2fa

  • helenslunch@feddit.nl
    10 months ago

    Proton themselves have suggested creating a second Proton account expressly for this purpose, despite violating their own ToS.

  • barcaxavi@lemmy.world
    10 months ago

    Not an answer to your question, just another one connected to it: Is using the same software for storing passwords and 2FA beating the whole purpose of 2FA in some way? For example if someone can get a hold of your proton account somehow, there’s no additional layer of security provided by the 2FA.

    • akilou@sh.itjust.works (OP)
      10 months ago

      I thought the same thing which is why I’m only switching over now. I switched one account just as a test, but I liked being able to access it from the browser. Maybe it’s less secure but only if someone gets my Proton account itself, which is protected by 2fa in a different app.

  • randombullet@feddit.de
    10 months ago

    I actually use a YubiKey (WebAuth) for my password manager. But I also have my OTPs in Aegis that’s locally backed up.