
▲ 2 r/ProtonMail
I might be missing something, but it looks like platform security keys have not been discussed much. Still, users can set up passkeys as the second step of authorisation instead of (or together with) TOTP.
Effectively, passkeys solve the problem of phishing threats, just as TOTP does, but without additional actions and without a second device (though we can use them from other devices via Bluetooth with some browsers).
But how much security they provide beyond phishing sites is still unclear to me. Is it better to replace TOTP with passkeys? Keep them in recovery backups to avoid being locked out?
My current setup:
- Laptop: platform keys only. I trust the system on the laptop, and password synchronisation is turned off, so passkeys never leave the machine.
- Phone: considering setting up local-only passkeys via KeePass, but still using TOTP.
I wonder how other users decide what to do with passkeys for Proton.
u/HermannSorgel — 14 days ago
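An added example, not part of the post above, that shows mechanically where the phishing resistance of a passkey comes from: a TOTP code is a bare six-digit value that the server cannot tie to the site the user typed it into, whereas a WebAuthn assertion signs over the page origin (written by the browser, not the page) and the hash of the relying-party ID, so an assertion obtained on a look-alike page fails verification at the real site. The code is stdlib-only Python. The relying-party ID `proton.me`, the attacker origin `proton-login.example`, the TOTP seed and the per-credential key are constructed assumptions; the authenticator's ECDSA P-256 signature is replaced by HMAC-SHA256 so the block runs without a crypto library, while the clientDataJSON fields, the rpIdHash, the bytes that get signed and the relying-party checks follow the WebAuthn specification.

```python
"""Added example (not from the original post): why a TOTP code can be relayed by a
phishing page while a WebAuthn/passkey assertion cannot. Stdlib only. The
authenticator's per-credential ECDSA signature is simulated with HMAC-SHA256;
the clientDataJSON fields, rpIdHash, the bytes that get signed and the
relying-party checks follow the WebAuthn spec."""
import base64
import hashlib
import hmac
import json
import os
import struct
from urllib.parse import urlparse

RP_ID = "proton.me"                              # assumed relying-party ID
RP_ORIGIN = "https://proton.me"                  # assumed login origin
PHISH_ORIGIN = "https://proton-login.example"    # constructed attacker origin

def _b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

# ---- TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits) ----
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def totp_server_verify(secret: bytes, code: str, unix_time: int) -> bool:
    # The server sees six digits and nothing else: the code does not say which
    # site the user typed it into, so a phishing page that relays it in time wins.
    return hmac.compare_digest(totp(secret, unix_time), code)

# ---- WebAuthn / passkey (simplified) ----
def _sign(cred_key: bytes, data: bytes) -> bytes:
    # Stand-in for ECDSA P-256 with the credential's private key (simplification).
    return hmac.new(cred_key, data, hashlib.sha256).digest()

def authenticator_get_assertion(cred_key: bytes, rp_id: str, client_data: bytes) -> dict:
    # Signed bytes: authenticatorData || SHA-256(clientDataJSON); authenticatorData
    # starts with SHA-256(rpId), then flags (UP|UV = 0x05) and a signature counter.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + struct.pack(">I", 1)
    sig = _sign(cred_key, auth_data + hashlib.sha256(client_data).digest())
    return {"authenticatorData": auth_data, "clientDataJSON": client_data, "signature": sig}

def browser_get(cred_key: bytes, page_origin: str, rp_id: str, challenge: bytes) -> dict:
    # navigator.credentials.get() as the browser runs it: the browser, not the page,
    # writes the origin into clientDataJSON, and it rejects an rpId that is not the
    # page's host or a registrable suffix of it.
    host = urlparse(page_origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError(f"rpId {rp_id!r} not valid for origin {page_origin!r}")
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": _b64u(challenge),
                              "origin": page_origin}).encode()
    return authenticator_get_assertion(cred_key, rp_id, client_data)

def rp_verify_assertion(cred_key: bytes, expected_challenge: bytes, assertion: dict) -> bool:
    # The relying-party checks from the WebAuthn verification procedure that defeat relay/replay.
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != _b64u(expected_challenge):
        return False                      # replayed or from another login session
    if cd.get("origin") != RP_ORIGIN:
        return False                      # the user was on somebody else's page
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                      # rpIdHash belongs to a different RP
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    return hmac.compare_digest(_sign(cred_key, signed), assertion["signature"])

# ---- Scenarios ----
def totp_relay_succeeds(now: int = 1_700_000_000) -> bool:
    secret = b"constructed-shared-totp-seed"
    code_typed_into_phish_page = totp(secret, now)      # attacker relays it at once
    return totp_server_verify(secret, code_typed_into_phish_page, now)

def passkey_on_real_site_succeeds() -> bool:
    cred_key = b"constructed-per-credential-key"
    challenge = os.urandom(32)                          # fresh per login, kept server-side
    assertion = browser_get(cred_key, RP_ORIGIN, RP_ID, challenge)
    return rp_verify_assertion(cred_key, challenge, assertion)

def passkey_relay_fails() -> bool:
    # The phishing page relays the real challenge. The browser refuses to mint an
    # assertion for proton.me from the attacker's origin; even if we hand the
    # attacker an assertion for its own rpId (a real browser would not even find a
    # matching credential), the RP rejects it on origin and rpIdHash.
    cred_key = b"constructed-per-credential-key"
    challenge = os.urandom(32)
    try:
        browser_get(cred_key, PHISH_ORIGIN, RP_ID, challenge)
        return False
    except ValueError:
        pass
    assertion = browser_get(cred_key, PHISH_ORIGIN, urlparse(PHISH_ORIGIN).hostname, challenge)
    return not rp_verify_assertion(cred_key, challenge, assertion)
```

Calling `totp_relay_succeeds()`, `passkey_on_real_site_succeeds()` and `passkey_relay_fails()` returns True for all three: the relayed TOTP is accepted, the genuine passkey login is accepted, and the relayed passkey assertion is rejected. The rejection happens at the origin and rpIdHash checks before the signature is even looked at, which is why a passkey stored only on the laptop (as in the setup above) gives the same phishing protection as a roaming key: the property comes from what is signed, not from where the key lives.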