cross-posted from: https://lemmy.ml/post/18959419

I am alone… or not? I don’t know if it’s a bug just for me or not… but anyone already have issues with TOP using ProtonPass?

Currently I can’t use TOTP codes generated from ProtonPass on wesites like Lemmy.ml, Infomaniak, my CheckMK instance, and few others…

I put them on Proton Pass and Aegis, 'cause I don’t want to put my Proton account 2FA in Proton Pass for security. So as I’m using Aegis, I put all of them into it too. But Proton TOTP code results as erros and Aegis one (which are differents) are ok… I was thinking about SHA256 and SHA1 but don’t seems to be the reason…

Thanks and if your are in the case, don’t worry… You’re not alone!

  • EmperorHenry@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    I started using Aegis as soon as I saw the update for the google authenticator that “securely stores” my authentication tokens…in google’s own severs…that get hacked all the time.

    Don’t use proton pass to store your 2FA tokens, use something like Aegis for 2FA tokens instead, and be sure to password protect it with a password that you DON’T store inside of proton pass

    • darkham@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      As said I already use Aegis, but I want to live without my phone x) and I’m ok with security issues to put passwords and totp at the same place.