How to use 2FA in Proton Pass

Reading
5 mins
Category
Using Proton Pass

One-factor authentication requires something you know (your login details). Two-factor authentication requires an additional something that proves your identity. This something is usually a physical device, such as your phone or a 2FA security key. Unless an adversary has physical access to this thing, they can’t access your accounts.

Two-factor authentication (2FA) provides a valuable additional layer of security for your account. 

One of the most common and secure ways to achieve 2FA is using an authenticator app on your smartphone. This generates six-digit time-based one-time passwords(new window) (TOTPs) that you can use to sign in to your online accounts. 

These TOTP codes prove that you are in physical possession of a phone registered to that account. This means that even if an attacker somehow steals your password, they still cannot get into your account without access to your mobile phone.

Proton Pass makes it convenient to use 2FA in this way. Instead of requiring a separate third-party authenticator app, Pass can securely generate TOTP codes for websites that you have saved login details for. 

How to configure 2FA codes

For the purposes of demonstration, we’ll enable and use 2FA on a Proton Mail account. The process will be very similar for any service that supports 2FA authentication using TOTP codes. 

Using the Pass browser extension

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA. Instead of scanning a QR code, select the enter key manually option and copy the numerical key provided.

Obtain 2FA key

2. Open the Proton Pass browser extension, select the entry for the service you wish to activate 2FA on → Edit

Edit Pass item

3. In the 2FA secret (TOTP) field, paste in the 2FA key you copied from the website, and click Save.

Paste in the 2FA key

Using the Pass Android app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

Find the QR code

2. Open the Pass app on your Android device, select the entry for the service you wish to activate 2FA on → Edit

Edit the Pass entry

2. Tap inside the 2FA secret (TOTP) field → Scan code.

Scan the QR code

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save

You can also configure 2FA codes manually on mobile devices. To do this, tap Paste code instead of Scan code and paste in or enter a 2FA key as described for configuring the browser extension above. 

Using the Pass iPhone and iPad app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

Find the QR code

2. Open the Pass app on your iPhone or iPad, select the entry for the service you wish to activate 2FA on → Edit

Edit the Pass entry

3. Tap inside the 2FA secret (TOTP) field → Open camera.

Open camera and scan the QR code

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save

You can also configure 2FA codes manually. To do this, tap Paste from clipboard instead of Open camera and paste in or enter a 2FA key as described for configuring the browser extension above. 

How to sign in using 2FA on Pass

Using the Pass browser extension

1. Visit a website you’ve previously configured to use 2FA on Pass. When prompted to enter a 2FA code, open the browser extension, select the correct entry (if it’s not automatically selected), and click on the OTP field to copy it to your device’s clipboard. You can now paste it into the 2FA code request field on the website you’re signing in to. 

Alternatively, you can manually enter the code.

Paste in the TOTP code

Proton Pass generates a new 2FA code every 30 seconds. A timer displays how long you have before a new code is generated. Once a new code is generated, the previous code is no longer valid.

The code lasts for 30 seconds

Using the Pass Android app

1. Visit a website you’ve previously configured to use 2FA on Pass. Log in using Pass. When you do this, a TOTP code is automatically saved to your device’s clipboard. 

2. When prompted to enter a 2FA code, long-pressPaste to paste in the TOTP code. 

Paste in the TOTP code

Using the Pass iOS app

On Android, when you log in to a site using Pass, the TOTP code is automatically copied to your device’s clipboard. If you are using our iOS app, you must enable this feature manually. This is because the app uses the iOS/iPadOS notifications feature, for which you need to grant permission.  

To do this, open the app, go to Profile (the “person” icon at the bottom right), and toggle the Copy 2FA code switch on.

Copy 2FA code

To use 2FA on an iPhone or iPad:

1. Visit a website you’ve previously configured to use 2FA on Pass. Log in using Pass. 

2. If Copy 2FA code (see above) is enabled, you can long-pressPaste to paste in the TOTP code when prompted. If it isn’t, you’ll need to manually copy the 2FA code over from the Pass apps. 

Paste in the TOTP code

Didn’t find what you were looking for?

General contactcontact@proton.me
Media contactmedia@proton.me
Legal contactlegal@proton.me
Partnerships contactpartners@proton.me