mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.

#2fa


Lots of new followers (hi!) recently. Some of you are in the #infosec or #cybersecurity communities, the #privacy community, both, or neither. I post privacy and #security related things for individuals and small/micro organizations.

Some are looking for a place to “get started” with improving their privacy and/or security online. In any case, privacy and security start with some basics that I strongly believe everyone should do:

1. Develop good password management practices, which include NOT reusing #passwords.

2. Keep your device #software and firmware updated.

3. Use multifactor authentication #mfa / two-factor authentication #2fa

Security is a process. It is also the foundation of online privacy; what good is it to use an encrypted email service if you are reusing weak passwords from your other online accounts?

avoidthehack.com/getting-start

My data protection and privacy overview, for general use.

( as of: January 2024 )

(10.01.2024
Switzerland is reading along
it is unknown whether Threema and Proton
are still secure.

I just wanted to add this here

www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle )

#DSGVO #Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#Email
#GOOGLE
#FACEBOOK #WHATSAPP #Threema
#Hateaid #Cyberstalking
#Messenger #Browser #Youtube #Piped #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Appel #Windows
#Linux #Matrix #Mastodon #Fediverse #2FA #Ransomware

Friendly Reminder to #2FA users: Imagine your primary machine fails today. How will you restore your access to your online accounts?

Please ensure you saved your scratch token somewhere and have working backups of your TOTP app or a backup hardware key.

Thank you!
#Backup

@protonmail are there any plans to change the fact that #ProtonPass uses the same password as our #ProtonMail, #ProtonDrive and #ProtonCalendar? It just seems like a design flaw and security concern?

For example, I can't use ProtonPass to store a randomly generated password for my email, as it uses my #Proton account. Also, assuming I now use a password for my ProtonMail, if the password becomes compromised in whatever way, my password manager is also compromised.

This effect is cascaded by the fact that ProtonPass can be used as a #passwordmanager and #2FA, so I can't use it for my 2FA for my email.

This is probably one of my few reasons to not switch from #Bitwarden.

Continued thread

4️⃣ Cloud undermines the security of two-factor authentication (2023-09)
Two-factor authentication is an important aspect of securing our online infrastructure and data. Unfortunately, it requires a few extra steps and precautions, which is why many users don't have it enabled. #PassKey is supposed to simplify this. But one shouldn't sync them so readily to supposedly new devices...
#2FA #MFA
dnip.ch/2023/09/19/cloud-unter

#rant

Using @protonmail #ProtonPass is the #nutz... I ❤️ the #2FA functionality...!

For any login credentials I use that have #2FA (#TOTP), I instantly disable it, then re-enable it using #ProtonPass instead of #Twillo.

Can be tedious, but totally worth the effort.

Just need that #ProtonPass web app and some better offline access...

When offline, sadly I need to fallback to my old @bitwarden app... which is slowly getting out of sync as I am a #chronic password manipulator...

Continued thread

.... if someone obtains access to your Google Account, all of your 2FA secrets would be compromised.

Also, 2FA QR codes typically contain other information such as account name and the name of the service (e.g. Twitter, Amazon, etc). Since Google can see all this data, it knows which online services you use, and could potentially use this information for personalized ads.
Surprisingly, Google data exports do not include the 2FA secrets that are stored in the user's Google Account. We downloaded all the data associated with the Google account we used, and we found no traces of the 2FA secrets.

The bottom line: although syncing 2FA secrets across devices is convenient, it comes at the expense of your privacy. Fortunately, Google Authenticator still offers the option to use the app without signing in or syncing secrets. We recommend using the app without the new syncing feature for now.

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
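As an added example (not code from this thread or from any post on this page): the payload of a TOTP enrolment QR code is an otpauth:// URI. Parsing one and deriving codes from it shows both points the thread makes, that the URI names the service and account (what a sync provider can read), and that the secret alone is enough to mint valid codes on any device, which is also why the backup reminder earlier on this page works: a restored copy produces exactly the codes the original phone does. The issuer, account name and URI below are constructed; the secret is the RFC 6238 Appendix B test key, so the codes match the RFC's published vectors.

```python
"""What a 2FA enrolment QR code contains, and what holding a copy of it allows.

Added example, not code from the posts above. Issuer, account and URI are
constructed; the secret is the RFC 6238 test key ("12345678901234567890").
"""
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# RFC 6238 Appendix B test key, base32-encoded.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

# Constructed: the payload a typical "scan this QR code" enrolment step encodes.
SAMPLE_URI = (
    "otpauth://totp/ExampleService:alice%40example.org"
    f"?secret={RFC_SECRET}&issuer=ExampleService&algorithm=SHA1&digits=6&period=30"
)


def parse_otpauth(uri):
    """Split an otpauth:// URI into its fields. Everything here is readable by
    whoever holds the URI: the shared secret, plus the issuer and account name
    that reveal which service the user has an account with."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(parts.path.lstrip("/"))
    issuer_in_label, _, account = label.rpartition(":")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "issuer": params.get("issuer", issuer_in_label),
        "account": account,
        "secret": params["secret"],
        "algorithm": params.get("algorithm", "SHA1").upper(),
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
    }


def totp(secret_b32, at_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238: HMAC(secret, time step) -> dynamic truncation -> `digits` digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(at_time) // period)
    digest = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def codes_from_uri(uri, times):
    """Codes anyone holding this URI can produce: the phone it was scanned on,
    a restored backup of it, or a copy lifted from a cloud sync."""
    f = parse_otpauth(uri)
    return [totp(f["secret"], t, f["algorithm"], f["digits"], f["period"]) for t in times]


def verify_totp(secret_b32, candidate, at_time, window=1, **opts):
    """Server side: accept the code for the current step or +/- `window` steps
    of clock drift, comparing in constant time."""
    period = opts.get("period", 30)
    return any(
        hmac.compare_digest(totp(secret_b32, at_time + k * period, **opts), candidate)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    fields = parse_otpauth(SAMPLE_URI)
    print("visible to whoever stores the URI:", fields["issuer"], fields["account"])
    times = [59, 1111111109, 1111111111]
    phone = codes_from_uri(SAMPLE_URI, times)    # the enrolled device
    backup = codes_from_uri(SAMPLE_URI, times)   # restored from a saved copy
    print("phone  :", phone)
    print("backup :", backup, "identical:", phone == backup)
    # A copy read out of a non-end-to-end-encrypted sync yields the same codes,
    # and the service cannot tell which device produced them.
    print("server accepts code from leaked copy:", verify_totp(fields["secret"], phone[0], 59))
```

The server-side check is included to make the asymmetry explicit: the relying party only ever sees a six-digit code, so a code computed from a leaked or synced copy of the secret is indistinguishable from one computed on the enrolled phone.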

Did you know? #FIDO2 not only enables you to use two-factor authentication. It adds another layer of technical #phishing protection, too. How? Thanks to the built-in security tech, logging in on a fake website doesn't work when using a hardware security key for #2FA. Phew! 😅💪😎
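As an added example (not code from the post above): a simplified model of the two bindings that make a FIDO2/WebAuthn login on a look-alike site fail. The authenticator only holds a credential scoped to the RP ID the browser derives from the real page origin, and the browser writes that origin into clientDataJSON, which the signature covers. The domains, keys and challenges are constructed, and HMAC stands in for the authenticator's public-key signature so the block runs with the standard library alone; real credentials use ECDSA or EdDSA and the relying party verifies with the public key stored at registration.

```python
"""Model of why a FIDO2/WebAuthn login attempt on a look-alike site fails.

Added example, not code from the post. Domains, keys and challenges are
constructed; HMAC stands in for the authenticator's asymmetric signature.
"""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

RP_ID = "bank.example"                     # constructed relying party
GOOD_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example.com"  # constructed look-alike domain


def effective_rp_id(origin):
    """Browser-side rule (simplified): the RP ID is the host of the page's
    origin. Page JavaScript cannot override it; the browser fills it in."""
    return urlparse(origin).hostname


def new_authenticator():
    """A security key holding one credential, scoped to RP_ID at registration."""
    return {RP_ID: secrets.token_bytes(32)}


def authenticator_sign(authenticator, rp_id, client_data_json):
    """Authenticator: look up a credential for *this* RP ID only, then sign
    authenticatorData || sha256(clientDataJSON). No credential, no signature."""
    key = authenticator.get(rp_id)
    if key is None:
        return None
    auth_data = hashlib.sha256(rp_id.encode()).digest()  # rpIdHash
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    return auth_data, hmac.new(key, signed, hashlib.sha256).digest()


def browser_get_assertion(authenticator, origin, challenge):
    """Browser: put the actual page origin into clientDataJSON and hand the
    derived RP ID to the authenticator. None if the key has no credential."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    result = authenticator_sign(authenticator, effective_rp_id(origin), client_data)
    if result is None:
        return None
    auth_data, sig = result
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(authenticator, assertion, expected_challenge):
    """Relying-party checks in the order the WebAuthn spec lists them.
    `authenticator` stands in for the public key stored at registration."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "type"
    if not hmac.compare_digest(cd.get("challenge", ""), expected_challenge):
        return False, "challenge"
    if cd.get("origin") != GOOD_ORIGIN:
        return False, "origin"
    if not hmac.compare_digest(assertion["authenticatorData"][:32],
                               hashlib.sha256(RP_ID.encode()).digest()):
        return False, "rpIdHash"
    expected_sig = hmac.new(
        authenticator[RP_ID],
        assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest(),
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False, "signature"
    return True, "ok"


def scenarios(authenticator):
    """Three attempts against the same server-issued challenge."""
    challenge = secrets.token_urlsafe(32)
    out = {}
    # 1. The user logs in on the real site.
    legit = browser_get_assertion(authenticator, GOOD_ORIGIN, challenge)
    out["legit"] = rp_verify(authenticator, legit, challenge)
    # 2. An attacker proxies the real challenge to the user on the look-alike
    #    site. The browser derives RP ID "bank-example.com"; the key has no
    #    credential for it, so nothing is signed at all.
    out["phish"] = browser_get_assertion(authenticator, PHISH_ORIGIN, challenge)
    # 3. The attacker captured assertion #1 and rewrites its challenge field to
    #    the one the server issued for the attacker's own session.
    forged = dict(legit)
    cd = json.loads(legit["clientDataJSON"])
    cd["challenge"] = secrets.token_urlsafe(32)
    forged["clientDataJSON"] = json.dumps(cd).encode()
    out["tamper"] = rp_verify(authenticator, forged, cd["challenge"])
    return out


if __name__ == "__main__":
    for name, result in scenarios(new_authenticator()).items():
        print(f"{name:7}: {result}")
```

The phishing case fails before anything reaches the server: the key has no credential for the look-alike domain, so there is no response for the attacker to relay. The tamper case shows why a captured response is not reusable either, since the signature covers the exact clientDataJSON bytes, including the challenge and the origin.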