Proton Pass now supports passkeys on all devices and plans | Proton
proton.me
Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly.

Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing attacks and make your online experience smoother and safer.

Unfortunately, Big Tech’s rollout of this technology prioritized using passkeys to lock people into their walled gardens over providing universal security for everyone (you have to use their platform, which often does not work across all platforms). And many password managers only support passkeys on specific platforms or provide them with paid plans, meaning you only get to reap passkeys’ security benefits if you can afford them.

They’ve reimagined passkeys, helping them reach their full potential as free, universal, and open-source tech. They have made online privacy and security accessible to everyone, regardless of what device you use or your ability to pay.

I’m still a paying customer of Bitwarden as Proton Pass was up to now still not doing everything, but this may make me re-evaluate using Proton Pass as I’m also a paying customer of Proton Pass. It certainly looks like Proton Pass is advancing at quite a pace, and Proton has already built up a good reputation for private e-mail and an excellent VPN client.

Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!

See https://proton.me/blog/proton-pass-passkeys

#technology #passkeys #security #ProtonPass #opensource

  • hedgehog@ttrpg.networkEnglish
    0·
    6 months ago

    For an authentication flow to qualify as two factor authentication, a user must verify at least two factors - and each must be from the following list:

    • something they know, like a password
    • something they have, like a phone or security key
    • something they are - fingerprints, facial recognition (like FaceID), iris scans, etc…

    Passkeys require you to verify a password or authenticate with biometrics. That’s one factor. The second factor is having the passkey itself, as well as the device it’s on.

    If you login to your password manager on your phone and use your fingerprint to auth, that’s two factors right there.

    • irotsoma@lemmy.worldEnglish
      1·
      6 months ago

      But authentication to access the passkey is on a remote device. So the server doesn’t have any information about if or how authentication was performed for the person to access the key. If they use a 4 digit pin or, worse, the 4 point pattern unlock, it’s easy enough to brute force on most devices.

      This is also why using a password manager is not two factor authentication. It is one factor on your device and one factor on the server. But no one monitors the security logs on the device to detect brute force attacks and invalidate keys. Most don’t even wipe the device if the pin is being brute forced.