Nice, but why not have something like this for passkeys?
Why is it going so slow to move over to passkeys? I thought we would have come much further by now.

Hmm… Seems the Proton Authenticator ”Mac app” is actually just the iPad app, or am I missing something?
 
I recently switched from Google’s authentication app to Apple’s Passwords app, and it’s significantly better. You don’t have to manually transfer all your accounts whenever you get a new phone because it seamlessly transfers over with your iCloud. This feature works on all Apple devices, so you don’t need to get a new phone if you need a code while using your MacBook. I highly recommend this app to everyone
 
What sucks about Google's version is that if you delete the app, lose your phone or buy a new phone and forget to transfer your tokens, you can no longer log in... And I use it so rarely that I do forget from time to time. It's another thing to have to remember and yet another way to get locked out of your own account. Passkeys would be much better but hardly any service uses them for some reason. Not that I understand how any of these even work, I just hope they do.
 
Nice, but why not have something like this for passkeys?
Why is it going so slow to move over to passkeys? I thought we would have come much further by now.
Regarding adoption of passkeys, I think people in general don’t like passkeys that much, because while in principle more secure, they are a bit of a black box. Entering a password or time-based code is something that everyone can intuitively grasp on some level. The mechanism of passkeys is more opaque and a bit inscrutable.
 
It backs up to iCloud, but according to their FAQ you need to create an account to sync across devices.

Hmm, interesting. I have the app installed and it synced my codes from iPhone to iPad without a Proton account via iCloud.
But yeah, there is an additional option in the settings to sync across devices, which then prompts a Proton login page.

I guess it's Proton account free within the Apple iCloud ecosystem, but you will need a Proton account when Windows or Android gets involved? Could be explained more precisely in their FAQ.
 
I recently switched from Google’s authentication app to Apple’s Passwords app, and it’s significantly better. You don’t have to manually transfer all your accounts whenever you get a new phone because it seamlessly transfers over with your iCloud. This feature works on all Apple devices, so you don’t need to get a new phone if you need a code while using your MacBook. I highly recommend this app to everyone

I'm not a fan of it being under an Apple ID password...If your Apple account gets compromised, then everything is gone. For that reason, I don't keep my main passwords (Apple, Google, financial) in the Apple passwords app; they go into KeePass, and stay offline.

Apple really, really, really, needs to allow an independent password for the Passwords app.
 
I am just now logging into my Amazon account using Safari, entering a password and it is asking me to enter the code it just texted me.
Texted like SMS?
Well, most companies don't use this expensive and unsecure method anymore, but a 2FA computer standard to generate the codes in a special computer program. (For example in the Apple password app)
 
I have used Authy for all my 2FA needs for years and it works flawlessly with all the Microsoft services I use at work? 🤔
It depends on the authentication method. Passwordless sign-in with the two-digit code for example is specific to the Microsoft app, I believe. Administrators can also require geolocation information in the protocol, which probably also requires the Microsoft app.

Someone please correct me if that is incorrect, I wouldn’t mind getting rid of the Microsoft app.
 
Texted like SMS?
Well, most companies don't use this expensive and unsecure method anymore, but a 2FA computer standard to generate the codes in a special computer program. (For example in the Apple password app)
Yes. SMS. [Edit: My carrier has the SIM lock feature, and I've locked it, so what other risks are there with SMS 2FA?]
 
It depends on the authentication method. Passwordless sign-in with the two-digit code for example is specific to the Microsoft app, I believe. Administrators can also require geolocation information in the protocol, which probably also requires the Microsoft app.

Someone please correct me if that is incorrect, I wouldn’t mind getting rid of the Microsoft app.
Passwordless yes, but for TOTP you can set up different authenticators.
 
It depends on the authentication method. Passwordless sign-in with the two-digit code for example is specific to the Microsoft app, I believe. Administrators can also require geolocation information in the protocol, which probably also requires the Microsoft app.

Someone please correct me if that is incorrect, I wouldn’t mind getting rid of the Microsoft app.
Ok, maybe if you want to use special features that only Microsoft provides to their services, this might be the case. But our administrators simply enforced the use of 2FA, wanted to be as independent as possible and insisted on using a secondary device (mostly the personal mobile) for authentication. So they used the widespread method that works with all 2FA apps.
 
Depends on what apps you need the 2FA for. Microsoft Teams won't allow any other Authenticator app but Microsoft Authenticator.
This isn’t true. They hide the link to use a different app for 2FA in Microsoft account settings — Microsoft Authenticator is the big blue button “golden path” — but it’s there. (It might be different if you’re using a Microsoft account provided by your organization, not sure.)

Microsoft does seem to require its own Authenticator app to take an account passwordless, which sucks.
 
You can also add external authentication method to your Entra tenant and make it available for selected groups.
 
Awesome. I love Proton. I already use Proton Pass to store my 2FA codes. It would be cool to be able to export all my codes to this app and run it offline. They updated Proton Pass the other day and it logged me out so I couldn't do anything until I got home. I did use to have my Proton 2FA code in Google Authenticator and I have a printed copy of my code at home in a safe.

This could be super useful. Going to look into it now.


Yeah but who actually uses Apple Passwords lol. It's so barebones and behind every other password manager.
I do. It's fine for my needs.
 
I am just now logging into my Amazon account using Safari, entering a password and it is asking me to enter the code it just texted me.
What you are referring to is called SMS 2FA. It's considered less secure because SMS messages can be intercepted without having access to your device.

This and other authenticator apps don't use SMS, they essentially generate a rolling code locally on your device that is synced with the various services you've enrolled with it. When prompted for your 2FA code, you use this app, to provide it. Nobody can intercept it unless they have your device and can log into it.
 
Its UI isn’t the best, but I’m pretty uninterested in anything other than Bitwarden at this point. I’ve been using it for work stuff while continuing to use iCloud Keychain for personal stuff, but I’m beginning to migrate those to Bitwarden as well.

Being able to supply regexes to limit password filling to specific subdomains and even paths is table stakes for my job. Everything else is just a bonus.
 
Have been using Proton Mail since launch (although not as my primary email) and it's been good and reliable. End to end encryption is nice, sounds like I can replace Google Authenticator.
 
What you are referring to is called SMS 2FA. It's considered less secure because SMS messages can be intercepted without having access to your device.

This and other authenticator apps don't use SMS, they essentially generate a rolling code locally on your device that is synced with the various services you've enrolled with it. When prompted for your 2FA code, you use this app, to provide it. Nobody can intercept it unless they have your device and can log into it.
An attacker can spoof locally generated TOTPs if the setup code is compromised or brute-forced, neither of which necessarily requires physical access to a device. It’s definitely more secure than SMS-based 2FA, but a shared secret is only as good as its secrecy.
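
The rolling-code mechanism and the shared-secret caveat discussed in the posts above, as an added example that is not part of any post in this thread: a minimal RFC 6238 TOTP generator and server-side check in Python. The secret is the RFC 6238 test key, used here as a constructed sample, and `totp` and `verify` are illustrative names.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key ("12345678901234567890") in the
# base32 form an enrollment QR code carries. Not a real account secret.
SETUP_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: truncate(HMAC(secret, time // step))."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Server-side check: tolerate +/- `window` time steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step)
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp from the RFC 6238 test vectors
    on_phone = totp(SETUP_SECRET_B32, now)
    # Nothing in the calculation is tied to the device: any copy of the
    # setup secret (a synced backup, a saved QR screenshot) yields the
    # same code, which is why the secret's storage is what needs protecting.
    from_backup = totp(SETUP_SECRET_B32, now)
    print(on_phone, from_backup, on_phone == from_backup)
    print("accepted one step later:", verify(SETUP_SECRET_B32, on_phone, now + 30))
    print("accepted at another time:", verify(SETUP_SECRET_B32, on_phone, 59))
```

The only inputs are the enrolled secret and the clock, so no network message is involved in producing a code, and the code is exactly as confidential as every stored copy of that secret.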
 