General rule: never give a company all trust and power. If a company has access to part A of your life and encrypts fully from the beginning, throughout, and until the end, OK.
But if a company also has access to your agenda, your authentication, your hospital data, etc… that can be dangerous. Best to spread the risk, I feel, with the best options available.
Agreed. Having both your 2FA and your password vault in one breaks the entire purpose of 2FA. If your vault gets compromised, then your 2nd factor is useless. Good security products need to be convenient for mass adoption, but there needs to be a balance. And all eggs in one basket is not balanced.
Passkeys are going to replace passwords and TOTP. And that’s just the same as having a vault with both passwords and TOTP. For mass adoption it’s fine, people are much more likely to use a reputable password manager like this than they are to use one for just passwords and then something else for TOTP.
Proton has good export features, so it’s easy to leave in case they enshittify. Second, they do not have the keys. So far, OK for me.
Why isn’t this just built into Pass? Can we not have this trend of a different app for every feature?
Proton Pass already has built-in authentication keys. The Proton auth application is more for those who want to separate dual authentication from their password manager, or for those who don’t use Proton services but want to have a European dual authentication application. But I admit that the separation of services into multiple applications confuses the issue.
Proton Pass already has built-in authentication keys.
The free version only has, I think, 2 or 3 built in; you AFAIK still need a separate authenticator.