ProtonBlog(new window)

Protect your Proton Account with YubiKey and other security keys

Share this page

You keep important moments of your life in your Proton Account. Whether it’s bank statements you receive in Proton Mail, photos you store in Proton Drive, or events you set up in Proton Calendar, your data deserves to be protected. 

Today, we’re happy to introduce the simplest and most secure way of keeping your account safe: security keys, also known as hardware keys or two-factor authentication keys (2FA keys)(new window). You can now sign in to your Proton Account on the web using a hardware key, such as a YubiKey, as long as it adheres to the U2F or FIDO2 standard(new window).

Set up a security key 

What are security keys

Have you ever signed in to an online account and been asked to verify your identity with a six-digit code sent to your mobile device? That’s two-factor authentication (2FA)(new window). Enabling 2FA is critical to securing your Proton Account — with 2FA, even if an attacker gets a hold of your password, they cannot sign in to your account without access to your mobile device.

Security keys are another form of 2FA. They help you prove your identity when you’re logging in to an account, app, or device. If you choose to use a 2FA key, you’ll be asked to plug in your key every time you sign in to your Proton Account.

Why you should use a security key

At Proton, we support 2FA using time-sensitive verification codes (TOTP) generated by an authenticator app installed on your mobile device. We use TOTP as it is more secure than 2FA using text messages, which are vulnerable to SIM-swapping attacks(new window).

However, using TOTP can be inconvenient as it involves entering a code in a short period of time. Having a hardware key removes this hassle. Hardware keys are also a “possession factor”, which proves you physically own the key used to authenticate your account. Due to their physical nature, hardware keys are one of the most secure forms of 2FA. 

They are also convenient and easy to use — all you need to do is to plug your key into your computer when asked to verify your identity. Depending on your device, you may even use its built-in security key to verify your identity with biometrics such as Apple’s Touch ID or Windows Hello.

Learn how to set up a security key with your Proton Account

As we continue to expand our private-by-default ecosystem, we’ll be adding support for security keys across all Proton platforms, including our desktop and mobile apps. 

Thank you for your support, and we look forward to introducing even more privacy-first features in the upcoming months.

Protect your privacy with Proton
Create a free account

Share this page

Lydia Pang(new window)

Lydia is a lifelong book-lover and her professional experience spans several industries, including higher education and editorial writing. She's excited to write for Proton and champion privacy as a fundamental right for everyone.

Related articles

Even though the Snowden leaks came out 10 years ago, the United States never ended its unconstitutional surveillance program. It now has a chance to close the legal loopholes that allow warrantless spying on US citizens. But Congress needs to act bef
Over the past year, hackers have been using new and clever techniques to steal people’s online data. At Proton, we’ve been monitoring these evolving strategies and updating our defenses to stay ahead of the arms race.  Often, the attacks involve new
password fatigue
Most people in the digital age have dozens, if not hundreds, of passwords, and keeping track of them is tiring, to say the least. If you’re suffering from password fatigue, you’ll be happy to know there’s an easy fix. The short answer is that you sh
are password managers safe?
Password managers are a great way to generate secure passwords, keep them in encrypted storage together with your credit card details, and improve your online security across the board. But you might be worried about keeping so much sensitive data in
Most of us probably wouldn’t consent to sharing photos of our family and friends with random strangers on the internet. But that’s exactly what we do when we automatically sync our pictures to the non-private servers of Big Tech companies, which can
Google Drive is the world’s most popular cloud storage service by far, with over 3 billion people using Google Workspace (which includes Google Drive, Google Calendar, Gmail, and more). But this ubiquity has recently caused concern following several