Microsoft Entra options...

 
I feel one of the advantages of a 2FA app is that if, for whatever reason, your password manager is compromised, the passwords still can't be used to log in to sites requiring 2FA.

In my case, if somehow Bitwarden was compromised (maybe someone saw me type in the password) then they'd still need my phone and to unlock it to use Authy.

It's for this reason I don't like the idea of both passwords and 2FA codes being in the same app, such as Apple's.
 
I feel one of the advantages of a 2FA app is that if, for whatever reason, your password manager is compromised, the passwords still can't be used to log in to sites requiring 2FA.

In my case, if somehow Bitwarden was compromised (maybe someone saw me type in the password) then they'd still need my phone and to unlock it to use Authy.

It's for this reason I don't like the idea of both passwords and 2FA codes being in the same app, such as Apple's.
It is called two factor authentication for a reason! That's exactly the reason our administrators insisted on using a secondary device for 2FA. It is less secure if both are on the same device - even more if they are even in the same app! It may be more convenient, but it is less secure.
 
I feel one of the advantages of a 2FA app is that if, for whatever reason, your password manager is compromised, the passwords still can't be used to log in to sites requiring 2FA.

In my case, if somehow Bitwarden was compromised (maybe someone saw me type in the password) then they'd still need my phone and to unlock it to use Authy.

It's for this reason I don't like the idea of both passwords and 2FA codes being in the same app, such as Apple's.
I am using Duo with Bitwarden. It's free for single user, at least it was free when I signed up. I like it, simple yes or no notification on my Apple Watch.
 
It is called two factor authentication for a reason! That's exactly the reason our administrators insisted on using a secondary device for 2FA. It is less secure if both are on the same device - even more if they are even in the same app! It may be more convenient, but it is less secure.

Exactly. Also, if I decided to compromise my security and use Bitwarden to store my 2FA codes, how would I log into Bitwarden which requires a 2FA code? 🤔 😁

So I'd still need a separate app anyway.
 
Yes. SMS. When I use Safari to log into my accounts for: insurance, medical, payroll, retirement, FedEx, UPS, USPS, and others, I am sent a code via SMS.
SMS 2FA is better than no 2FA, but it's still not very secure. SIM jacking attacks, and the general lack of security with SMS means it's not great for protecting accounts. Time-based One Time Passwords (TOTP) based 2FA is much better, which is what this Proton app - and others like OTP Auth (what I use), Authy, MS Authenticator, Google Authenticator, and the 2FA built into password managers - do.

While it's convenient to have TOTP 2FA in your password manager app, it reduces security since if the password app is compromised, they then also have your 2FA as well. If it's in a separate app, it will likely give you time to get things fixed before someone gains access to your important accounts.
 
While it's convenient to have TOTP 2FA in your password manager app, it reduces security since if the password app is compromised, they then also have your 2FA as well.
Security aside, I'm thinking about the recovery hassle if I permanently lost access to my Apple account. Yep, it's convenient to have one Apple ID for email and saving passwords, but yikes, losing the ability to receive 2FA codes would make recovery even more difficult, so I'll definitely keep them separate.

Some people need estate planners, I feel like I need a technology recovery planner.
 
Alas, without sharing for certain codes this wouldn’t work for my use case and I see no mention of that on the site. Also, the blog post immediately preceding this one is about Dropbox dropping theirs, so I am not confident in these “free” products.
 
I think this looks like a great authentication app. I have been paying for and using 1Password for a while simply because it had great support for the Apple Watch, which this doesn't. It's such a game changer to be able to log in without having to hunt down your phone, start an app, and find the code you need. Just put it into a complication on the watch face and it's always there when you need it. I hope Proton add this feature, I'm ready to switch once they do.
 
Security aside, I'm thinking about the recovery hassle if I permanently lost access to my Apple account. Yep, it's convenient to have one Apple ID for email and saving passwords, but yikes, losing the ability to receive 2FA codes would make recovery even more difficult, so I'll definitely keep them separate.

Some people need estate planners, I feel like I need a technology recovery planner.
Yep, the more secure something is, and the more you take on in the service of keeping your own security, the more you need to have your own backup plans.

For me, I keep a paper folder of the original shared secret or QR code used to set up the TOTP app. I also keep backups on an encrypted VeraCrypt drive of the export of my OTP Auth app. This reminds me, I need to get around to documenting all this so if something happens to me, my wife would have a chance at understanding how it all works.
 
...Also, the blog post immediately preceding this one is about Dropbox dropping theirs, so I am not confident in these “free” products.

Proton offers a basic level of all their services for free. It's financed by users like me who have a subscription for additional options of all those free services. They aren't advertising/data harvesting driven and put users first. They are advocates for an open web and privacy first. I've been a happy customer for almost a decade.
 
Does this have an Apple Watch app? Glad there is another open program. 2FAS has been great and recently made a password manager too; haven’t looked yet. Bitwarden/2FAS have been solid.
 
I still use 1Password 7 for 2FA codes until it's not possible. Does anyone know if 1P 7 still works under iOS26/MacOS26?
I also use 1Password 7. It seems to work under the beta of iOS 26 and MacOS Tahoe. Now that there is an authenticator application I don't have much of a need for 1Password 7. I'm also looking at Bitwarden Authenticator as well.

Since 1Password 7 is not supported anymore, I would look at other options such as Bitwarden or Proton Pass for example.
 
Is this an issue for anyone? I use MS Authenticator and never once have I regretted "relying on Microsoft"...it works "whenever I need them" and to be honest, I trust a giant company like MS more than Proton.

It's a matter of consumer choice and platform availability. MS Authenticator isn't available on Linux, for example - this Proton app is.
 
What are the advantages and disadvantages of third-party 2FA when the entity already has its own 2FA? For example, I have 2FA enabled for my Amazon account. Why would I want to use a third party for that?
When an entity has its own 2FA, it may disallow using 3rd-party 2FA. Case in point: Microsoft requiring Microsoft 2FA.
When an entity or company has no built-in 2FA, it implements or supports some list of 3rd-party 2FA. You can use any app in the list. You may prefer some providers, or check if the last version isn't too old. Also, the option of syncing 2FA between devices (proposed by Proton to account holders) is a bit strange since the purpose of 2FA is to prove you're currently holding the device that generated the 2FA token. If several devices at several locations have the ability to provide the same token, it lessens security (vs each token having its own 2FA instance). Maybe there's a use case for that?
 
The desktop app is very nice to have, and I like Proton's iOS interface better than Google Authenticator. One thing this app doesn't do though is local exports/backups, so the only way to save your code accounts is to use the iCloud feature.

I may be paranoid but I feel safer having my TOTP codes connected to nothing, only accessible on my devices which are protected by physical proximity and Face ID. So unfortunately Proton won't work for me.
 