Proton Mail will allow users to login using physical security keys

End-to-end encrypted email service Proton Mail, developed by the Swiss internet services provider Proton, said that it will now allow consumers to use physical security keys as a two-factor authentication (2FA) method when logging into their account to enhance user’s security and privacy and reduce incidents of phishing and other email security threats.
 
Security keys, with a market size of $1.22 billion in 2021 and is slated to grow at a CAGR of 11.8%, have become a popular way for consumers to add an extra layer of security when logging into services and apps to minimise cyber-attacks. 

That said, it will support any security key as long as it adheres to the standards of Universal 2nd Factor and FIDO2 protocols developed by the FIDO (Fast IDentity Online) Alliance, an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world's over-reliance on passwords". For example, it will support YubiKeys, a hardware authentication device that protects access to computers, networks, and online services and supports one-time passwords, public-key cryptography, and authentication. 

The announcement came in response to a common request from the Proton Mail community, offering users one of the simplest and most secure ways to maximise account safety. 
Proton Mail has long supported authenticator apps as a 2FA method, which entails entering a time sensitive, six-digit code sent to their mobile device. Security keys function similarly, but instead of entering a code the individual must insert a USB into their device to log in. The requirement of hardware to log in minimises the user’s vulnerability to phishing, and would force a potential attacker to actually locate and take the user’s key to compromise the account. 

Users employing security keys will still be required to enter their passwords, and while enabling security keys is optional, it can be done in lieu of — or in conjunction with — an authenticator app. Proton Mail’s security key feature is also compatible with Apple’s Passkey, meaning people with the most recent Apple operating system can unlock their Proton account on the web via fingerprint or face ID. 

“Today, phishing is one of the most common ways in which individuals and organisations are compromised online, and phishing attempts have become increasingly sophisticated over the years. Physical security keys are a straightforward way to provide additional protection because even if a victim is tricked into entering credentials on a phishing site, compromising the target account without physical possession of the key itself is difficult,” said Andy Yen, Founder and CEO of Proton. 

Email continues to become the number one threat vector, as per an April 2021 Frost and Sullivan report. The email security market was valued at $ 3.50 Billion in 2021 and is estimated to grow at 12.8% year-over-year (y-o-y) in the next five years.