Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Encrypted Email Service ProtonMail Now Supports Physical Security Keys

ProtonMail is the latest company to allow the use of physical security keys to log into accounts through two-factor authentication. Proton is a Switzerland-based company offering numerous popular services like end-to-end encrypted ProtonMail.

According to ProtonMail, the company acknowledges that users look for better protection of sensitive data and prevent hackers and third parties from accessing it. The latest step of allowing consumers to use security keys in 2FA to log into their accounts is aimed at enhancing user data security and privacy and reducing the possibility of email security threats such as phishing scams.

So far, ProtonMail has used time-sensitive verification codes/Time-based one-time passwords (TOTP) created by an authentication app installed on the mobile device. However, despite being a safer method than sending the code in SMS messages to the device, it has a shortcoming: the received code’s introduction period was relatively short.

Now, the company is allowing users to perform 2FA via security keys to eliminate the hassle for good. And it will make the user feel more confident about their data’s security because of the possession element, as they would physically have the key.

Another benefit is that consumers can use the integrated security key to verify their identity using Windows Hello, or Apple Touch ID-based biometric data.

Regarding the keys it will support, ProtonMail explained that for now, it would be supporting YubiKey and keys that comply with the FIDO2 (Fast IDentity Online) or U2F (Universal 2nd Factor) standard.

Encrypted Email Service ProtonMail Now Supports Physical Security Keys

For your information, YubiKey is a hardware authentication device used to protect access to networks, computers, and online services. It supports OTP (one-time passwords), verification, and public-key cryptography.

Physical security keys are a straightforward way to provide additional protection because even if a victim is tricked into entering credentials on a phishing site, compromising the target account without physical possession of the key itself is difficult.

Andy Yen, Founder and CEO of Proton

This step from ProtonMail has paved the way for mobile devices to be used as security keys, and the company aims to expand its support for various other options.

  1. ProtonMail’s Free ProtonVPN to Fight Online Censorship
  2. Email Encryption Service Provider ‘ProtonMail’ Now on Tor
  3. German court forcing Tutanota to let authorities read emails
  4. “ProtonMail Contacts” launches encrypted contacts manager
  5. Microsoft bars Tutanota users from registering MS Teams accounts


I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related News

CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

GitHub, a Microsoft subsidiary has replaced its SSH keys after someone inadvertently published its private RSA SSH host key part of…