Fantastic, wish they prioritised stuff like this instead of AI but at least it’s here now. Now please make a dedicated contacts app so I can stop using Google contacts too!
Yeah, I also was disappointed that proton wallet was for crypto and not credit cards. Unless someone can recommend an alternative to Google wallet, preferably from F-Droid
I currently have all of my 2FA codes in Pass except for my Proton account itself, which I have in Aegis, backing up to my home server.
It looks like you can easily export from Aegis to Proton Authenticator and you can use PA without a Proton account, which I think I might do. I don’t want to use my PA app with my Proton account to hold my Proton account 2FA code. I’ll end up locked out of the house with the keys inside.
BitWarden is F(antastic)OSS.
Aegis ia even better
I guess it’s kinda nice. They already had this in Proton Pass, but I guess not all accounts have access to that as a bundle maybe?
This is a more welcome addition that a stupid AI chatbot slop machine.
But I would still like to see them release Proton Drive for Linux already.
Is proton legit? I always see mix comments about them.
It’s legit. The negative comments are because the CEO supports US Republican politicians which is a red flag, but there haven’t been any operational reasons to not trust them that I’m aware of.
Doesn’t support republican politicians. Congratulated the anti-big-tech appointment by a republican politician (Trump).
There are no very clear reasons to distrust proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis, which is already FOSS and privacy preserving? If there is no reason, than I have to wonder if the hidden reason is to get more data into their ecosystem. Which a privacy focused company shouldn’t care about.
I am probably just paranoid but I don’t trust Proton.
Why its not available as apk or aab or on fdroid?
Promoting play store?
What’s more, they talk up how it’s open source and then don’t link to the repo.
Here it is, BTW:
Netflix doesn’t have 2FA
Ehhhh but they already have this in Proton Pass?
E: found this in the FAQ
Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email alises and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.
If you already use Proton Pass, I think I’d recommend Ente Auth instead. That’s what I use.
Been using Aegis on android and managing my own backups but maybe switch or use for things I care less for just for simplicity
Did anyone catch what the Proton app adds over all the already existing apps?
Looks like it has encrypted sync and desktop apps too, so that’s nice if you need stuff on multiple devices.
The sync is the main thing for me. I already back up my Aegis library and upload that to proton drive. Difference in security for me is pretty much zero between Aegis and a proton authenticator app
Hmm… I’m not sure about having an authenticator app on a desktop computer.
Like you are putting all your eggs in one basket. Password managers, and your emails already go to one place for authentication. Adding an authenticator means if your computer is compromised, a person can have access to more accounts.
I always figured this is why desktop authenticator apps aren’t a thing.
The alternative for people who want a convenience factor is putting it all in the same location. For example, the only thing Authy for desktop closing did for me was make it so I no longer had an isolated app for both 2FA and passwords, because now it’s just all in my password manager.
I don’t always have my phone on me 24x7, so the inability to access things on my desktop is a massive nope for me.
The way I looked at it, it’s no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn’t be on desktop argument never made sense to me, mobile is the same way.
This application might make me go back into having the two isolated systems, because it removes the massive inconvenience factor
So the two-factor authentication apps shouldn’t be on desktop argument never made sense to me, mobile is the same way.
I think that argument was rooted in the assumption that the phone was a separate and smaller attack surface. The assumption is reasonable if you use your credentials mostly on desktop and only have a few apps on your phone, which was indeed the case for a lot of people in the past.
But nowadays, a lot of people use the same credentials on the phone just as well, and with everything asking to install their app, I’m not sure the attack surface really is smaller anymore. So, if you’re in this scenario, I agree with you that you may not be sacrificing much by having 2FA on desktop.
And, of course, 2FA, even in the same password manager, is still better than none. Your first factor can be stolen in more ways than just compromising your machine, for example through data breaches.
fuck yeah, goodbye authy
Why? What’s wrong with Authy? I use it, Proton and Bitwarden. I could consolidate everything into Proton, but I’m concerned about having everything with one vendor.
Not op, but for me the main problem with Authy is that it is owned by an American company.
It’s not the worst offender, but any American company is subject to the whims of the current administration. As an example, we’re currently seeing how American sanctions lock people out of their Microsoft accounts at the International Court.
I’ve slowly been moving over my 2FA codes to Aegis.
Ehm… you guys know that behind all major VPN companies there’s the isræli government right?
Ehm… you guys know that behind all major VPN companies there’s the isræli government right?
Okay. proceeds to check article
Kape Technologies
This is why you research the VPN provider prior to making your purchase, read their privacy policies, their EULA, their TOS, the companies history.
If it reads like the Bible skip over it.
ProtonVPN, iVPN and Mullvad have no association with this article whatsoever.
No, Proton specifically has no confirmed association, I agree. So I trust them? No. I see too many signs, too many people recommending it online, too many all-connected services. For me, this is a recipe for disaster and I’m not here to be lied to my face again.
Not the first time for the very neutral state
According to a Swiss parliamentary investigation, “Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying”.
On a related note, we have also had people ask us about Proton Mail’s official position regarding the ongoing Palestinian-Israeli conflict and whether working with an Israeli company means we are taking sides in this conflict. The answer is NO. As a Swiss company, we adhere to a policy of strict neutrality
I don’t know about you guys but this 👆 is enough for me.
Not the first time for the very neutral state
According to a Swiss parliamentary investigation, “Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying”.
If your concern is that the CIA owns Crypto AG you should take into consideration what their focus is on, are they focused on child predators and gangs or people torrenting movies and music?
Crypto AG and Proton have clashed in the past resulting in this article from Proton;
https://proton.me/blog/is-protonmail-trustworthy
Transparency: You know who runs the company, where they run it from, how they run it, what data they have, how they interact with law enforcement, and much more.
Business model: Their business model (how they make money) is simply having paid users that pay for the service. If they were to breach that trust, then they would no longer be able to sustain themselves.
Competence: They have a team of highly competent people. Most people in their management level have Ph. Ds and they are trusted by many users with heightened security needs. These users includeHKMaps.live, Bellingcat etc.
Verified By Third Parties: Proton is still in the process of getting all their apps audited and open sourced. Currently, the ProtonMail iOS app, OpenPGP.js, GoOpenPGP and all the ProtonVPN apps have been audited by Cure53 or SEC Consult and the reports publically available with the source code on github with android and bridge on the way. Furthermore, they have been checked over by the EU and given a 2 million euros of funding that can be used on anything to further their mission with no other obligations.
Legal guarantees: Proton is based in Switzerland, a country with strong privacy protections, and outside the 14 eyes surveillance network. Under Swiss law, they are only permitted to reveal user data if served with a binding legal order from the Swiss government. Sharing data without a legal order is a criminal offense under Article 271 of the Swiss Criminal Code.
Track record: ProtonMail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented, including on the CERN website. The scientific background of their leadership team can be easily verified by looking at their academic careers and scientific publications.
More info
On a related note, we have also had people ask us about Proton Mail’s official position regarding the ongoing Palestinian-Israeli conflict and whether working with an Israeli company means we are taking sides in this conflict. The answer is NO. As a Swiss company, we adhere to a policy of strict neutrality
In the header of this article you seemed to have glossed over:
UPDATE April 3, 2020: The information in this article is outdated. As of last year, we no longer have any contract with Radware.
If your concern is that the CIA owns Crypto AG you should take into consideration what their focus is on, are they focused on child predators and gangs or people torrenting movies and music?
If I present my legitimate concerns about companies being tampered by CIA with the complicity of a “”neutral”” country (since it already happened) and your reply is “Chillax bro, even if they are what do you have to hide? They are not looking for you!”
you either:
- are terribly naive
- work for Proton.
I’m just saying, I don’t trust companies, nobody should, especially when everything seems too good. I think we should always challenge them and replace them at their first mistake. Don’t they follow the glorious free and competitive market? Let em fight.
No, we don’t know that. And neither do you.
Ehm… no i do.
But few people know that a considerable chunk of that market—including three of the six most popular VPNs—is quietly operated by an Israeli-owned company with close connections to that country’s national security state,
But we’re not gonna tell you which ones!
Yeah, not good of them to not share that information.
But for anyone who’s wondering, here’s a decent article that goes over the shady companies that discretely own most VPNs apps.
Amusingly, and kind of in counterpoint to the guy who you replied to, this article concludes that Proton is actually a solid VPN option that isn’t beholden to one of those sketchy VPN-hoarding companies. Though they don’t talk about any Israeli influence in Proton TBF. But still, on a general level (excluding the Israel/Palestine thing), Proton seems like one of the better options.
They also recommend Mullvad as a good option. I’ve never used them, but I’ve seen mentioned positively in other articles about VPNs.
ETA: Clarity.
