- 32 Posts
- 9 Comments
Joined 1 year ago
Cake day: July 11th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·30 days agoNot sure I understand the question. A key can be used on Web as well as on the mobile apps now, instead of TOTP (which however cannot be yet disabled). It is generally advised to have a multiple key pair, incase one is lost / defect.
There is a reason this works and why another provider with static portfowarding removed portforwarding :)
Regarding password managers:
All password managers keep data unencrypted in memory. You can’t encrypt the data in memory because then the application cannot use the data while it is running. It’s an universal issue for password managers, and not something that can be fixed.
While you can obfuscate the data, this is really security theater, because it is trivial to reverse engineer the obfuscation. In the future, Proton Pass may also obfuscate, but it doesn’t actually add any security.
If you enable PIN lock, the data is encrypted locally and cleared from memory when the PIN lock is activated. The security benefit of this in the case of a compromised device is likely marginal, as malware on a device would be able to key log the pin and bypass it in that manner. However, PIN lock can be desirable on a shared device (although somebody with access to the shared device could also install a keylogger…).
In the previous version of Proton Pass, after the PIN lock, it can take up to 30 minutes to clear data from memory, while the new version clears it immediately. It was previously immediate, but a code regression set it back to up to 30 minutes, but this has now been fixed. In general, for the reasons previously explained, we would not advise people to rely upon the PIN to secure against malware or shared devices, and that’s why PIN is not enabled by default, as the security benefit is likely marginal.
By the way, to even take advantage of this, somebody would need to have access to the device and the ability to access the device memory, in which case the PIN is not going to be effective because the device is already compromised. Unfortunately protecting against this type of device compromise is beyond the scope of Proton Pass (or any other password manager).
Yes, as long as you’'re not above the Duo plan limitations (e.g storage or custom domains)
For those asking about Stealth on Linux, quote from the team:
With Wireguard for Linux about to come out of beta and we are planning to bring Stealth to Linux as well.
Yes
Just a note to add, this is just the re-confirmation of this year, the two previous years they have had no-logs policy audits as well :)
Just to answer here in the thread also, as answered on reddit:
IKEv2 has been discontinued on iOS for security reasons:
https://protonvpn.com/support/discontinuing-ikev2-openvpn-macos-ios/
You’ll have to use an app, whether that is the Proton VPN app, Open VPN app, WireGuard app or something like Passepartout.
The OpenVPN app works with the OpenVPN protocol and thus with the OpenVPN configuration files.
The WireGuard app works with WireGuard configuration files.
Passepartout works with both, OpenVPN and WireGuard configuration files.
Apple officially allows and supports VPN apps since tvOS 17 and there are many VPN apps available for Apple TV now.