Proton adds the option to log in with physical U2F and FIDO2 security keys in services such as Proton Mail, Proton Drive and Proton Calendar. For the time being, the function only works as an additional login method and can only be enabled if totp authentication is also used.
Proton writes in a blog post that users can now add security keys to their Proton account. Users can do this in the account settings, under ‘account and password’. Users can associate multiple security keys with their Proton account, which is used to log into services Proton Mail, Proton Drive, Proton Calendar, and Proton VPN. The service supports U2F and FIDO2 keys, such as YubiKeys. Proton can now also handle biometric 2fa methods built into certain devices, such as Apple’s Touch ID and Windows Hello.
Users can currently only use their security keys to log in to the browser versions of Proton services. Currently, that’s not yet possible in Proton apps for phones, although the company on Reddit reports that they are working on it. It is unknown when this option will appear.
Security key support is also currently only available as an additional login factor. Users can only add a security key after setting up 2fa with an authenticator app on their smartphone. Users can then choose with every login whether they want to use their security key or a totp code via an authenticator app. It is not known whether Proton will remove the top requirement in the long term.