ProtonMail is the latest company to allow the use of physical security keys to log into accounts through two-factor authentication. Proton is a Switzerland-based company offering numerous popular services like end-to-end encrypted ProtonMail.
According to ProtonMail, the company acknowledges that users want better protection for sensitive data and want to prevent hackers and third parties from accessing it. The latest step of allowing consumers to use security keys in 2FA to log into their accounts is aimed at enhancing user data security and privacy and reducing the possibility of email security threats such as phishing scams.
So far, ProtonMail has used time-sensitive verification codes, known as time-based one-time passwords (TOTP), created by an authentication app installed on the mobile device. However, despite being a safer method than sending the code in SMS messages to the device, it has a shortcoming: the period in which the received code can be entered is relatively short.
Now, the company is allowing users to perform 2FA via security keys to eliminate the hassle for good. And it will make the user feel more confident about their data’s security because of the possession element, as they would physically have the key.
Another benefit is that consumers can use the integrated security key to verify their identity using Windows Hello or Apple Touch ID-based biometric data.
Regarding the keys it will support, ProtonMail explained that for now, it would be supporting YubiKey and keys that comply with the FIDO2 (Fast IDentity Online) or U2F (Universal 2nd Factor) standard.
For your information, YubiKey is a hardware authentication device used to protect access to networks, computers, and online services. It supports OTP (one-time passwords), verification, and public-key cryptography.
"Physical security keys are a straightforward way to provide additional protection because even if a victim is tricked into entering credentials on a phishing site, compromising the target account without physical possession of the key itself is difficult," said Andy Yen, Founder and CEO of Proton.
This step from ProtonMail has paved the way for mobile devices to be used as security keys, and the company aims to expand its support for various other options.