• Yote.zip
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    If they’re going to try to compete with Bitwarden they could at least offer 2FA for free instead of paywalling it as a feature. It was disappointing when Bitwarden did it, and it’s even more disappointing with Proton - it’s like failing an open book test.

    • HughJanus@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      You shouldn’t be using that feature anyway. Keeping your passwords and 2FA in the same place means you only have 1FA.

      • Yote.zip
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        It’s mainly a difference in threat model. 2FA within a password manager is still 2FA for concerns of a website login being hacked by remote adversaries, which is the most important problem to solve.

        If you use 2FA within your password manager, you should still lock that outer-most password vault with 2FA from a separate device (like you said), which solves your password vault being hacked by remote adversaries. Optionally, you can then use aggressive idle-locking of your vault on your personal devices, in case they’re stolen physically.