Proton pass
Guys I use proton mail and proton pass but the issue I have is that how can I have a secure password for proton mail with 2fa if I use proton pass? If I have a less difficult password then I am lowering my security and If I want to have a 2fa (with local encrypted file) then I have to save it on some secure cloud, which for me is proton drive or mega then again I have those passwords saved in proton pass so I would have to login to proton pass first, If I lower password of those apps then again it risks security. ( I am sorry I am so confused). Please help!
Proton warns to not use 2fa from Proton Pass for your Proton account.
Yeah, from what I’ve read the best approach is a different service for 2fa and/or something involving backups and a physical safe.
What? Really?
Yes. I seem to recall that it will change later on, but i don’t know when
Sounds like it’s time for some correcthorsebatterystaple!
deleted by creator
Okay yeah I’ll admit that’s pretty bad, haha. The only password I actually know nowadays is the passphrase to my Keepass database, which clocks in at 40 characters. I rarely say this to people, but have you considered a shorter password? :P
Password manager inception. Sign up for last pass, and bitwarden, and Google auth and Ms auth. Get a burner phone and rotate and change passwords monthly.
…sorry for my useless post.
Use a passphrase (not a password) and a physical security key, like a yubikey. It also supports TOTP or whatever 2fa Proton uses, you just connect it with a laptop or phone and it gives you a key.
A physical key is much more secure than 2fa from a password manager (although both are probably fine)
Best thing you can do is learn a very strong and complex password to use for your proton account, that’s what I did.
It takes a bit of time but eventually you’ll learn to type it in fast.
Okay lets say I set a memorable password then I would also be removing 2fa from account as well?
I use all of Proton’s products as well. I’ve found a Yubikey works best for the 2FA codes. I’m also working on having a backup password manager
Im in the same boat. They really need to allow a second password for the pass database.
I use a password manager
Proton pass is a password manager but it uses the same account as proton mail. So I can’t have a secure password for proton mail as I would have to use it to login to proton pass first.
Useless
proton pass has a few non-email avenues to recovery. check it out.
Maybe diceware passwords can help you?
In my opinion the centralization of all your data and secrets to one single company is itself a security risk. When I realized that, I completely stopped using proton. I see 2 main issues with using all-proton: 1. they could turn evil (like a lot of big companies do) 2. They can have exploits which then can effect all your data / secrets. I switched to have a different company for each service and I don’t really pay more than what I would have to pay proton to get the same things.
