Two days ago, ProtonMail released version 3.6. A number of new features were added in this release. The biggest one is long-awaited: two-factor authentication. Another new feature that interested me is ProtonMail’s new single password mode.
I have been waiting (rather impatiently) for ProtonMail two-factor authentication since the service began. I rely on a second authentication factor to provide the best security possible for my online accounts. I have written about it generally and specifically here, here, here, and here. Not having this ability with ProtonMail has always held me back just a bit from committing more fully to their service. My wait is now over, however.
Two days ago ProtonMail released version 3.6, which incorporates two-factor authentication (full release notes are available HERE). ProtonMail two-factor is extremely easy to set up, but requires one of the following software tokens: Authy, Google Authenticator, FreeOTP, or Toopher. One feature I am really happy to see: backup codes. When you set up two-factor authentication, 16 backup codes are created. These are eight characters long and alphanumeric (rather than simple numeric codes). With backup codes I feel comfortable migrating to ProtonMail as my primary email provider, knowing that loss or destruction of my phone won’t result in a total loss of my email account.
A comprehensive guide to ProtonMail two-factor authentication is available HERE.
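To make concrete what a software token and a set of backup codes actually do on the server side, here is an added illustration (my own example, not ProtonMail's code). It implements RFC 4226 HOTP and RFC 6238 TOTP with the standard HMAC-SHA1 construction, verifies a submitted code with a small clock-drift window and a constant-time comparison, and models a store of 16 eight-character alphanumeric backup codes that are kept only as salted slow hashes and burned on first use. The class and function names, the scrypt choice for hashing the codes, and the one-step drift window are my assumptions, not anything the release notes specify.

```python
import hashlib
import hmac
import secrets
import string
import struct

BACKUP_CODE_COUNT = 16          # sixteen codes, as the post describes
BACKUP_CODE_LENGTH = 8          # eight-character alphanumeric codes
ALPHABET = string.ascii_uppercase + string.digits
TOTP_STEP = 30                  # seconds per TOTP time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, timestamp // step, digits)


def verify_totp(secret: bytes, code: str, timestamp: int,
                window: int = 1, step: int = TOTP_STEP) -> bool:
    """Accept the current step plus `window` steps either side (clock drift tolerance).
    Constant-time comparison so the check itself does not leak the expected code."""
    for skew in range(-window, window + 1):
        candidate = totp(secret, timestamp + skew * step, step)
        if hmac.compare_digest(candidate, code):
            return True
    return False


class BackupCodes:
    """Single-use recovery codes (hypothetical server-side store).

    Only salted scrypt hashes are kept, so a leaked database does not hand out
    working codes; a code is removed the first time it is redeemed."""

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)
        self._hashes: set[bytes] = set()

    def _digest(self, code: str) -> bytes:
        # Slow, memory-hard hash: the codes are random but short (~41 bits),
        # so a fast hash alone would leave a leaked table cheap to reverse.
        return hashlib.scrypt(code.upper().encode(), salt=self.salt, n=2 ** 14, r=8, p=1)

    def generate(self) -> list[str]:
        """Create a fresh set; the clear-text list is shown to the user once and never stored."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(BACKUP_CODE_LENGTH))
                 for _ in range(BACKUP_CODE_COUNT)]
        self._hashes = {self._digest(c) for c in codes}
        return codes

    def redeem(self, code: str) -> bool:
        """True exactly once per valid code; the hash is deleted on success."""
        digest = self._digest(code)
        if digest in self._hashes:
            self._hashes.remove(digest)
            return True
        return False

    def remaining(self) -> int:
        return len(self._hashes)


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test secret, not a real account.
    secret = b"12345678901234567890"
    print("TOTP at t=59:", totp(secret, 59))
    store = BackupCodes()
    codes = store.generate()
    print("first backup code redeemed:", store.redeem(codes[0]), "remaining:", store.remaining())
```

The drift window is the usual trade-off: one step either side keeps a slightly slow phone clock working without widening the accepted set much. The backup codes are what make the post's "loss of my phone" scenario survivable, which is why they are stored hashed and consumed on use rather than kept reusable.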
ProtonMail Single Password Mode
Another interesting feature offered in ProtonMail v3.6 is the ability to use a single password to log in and access your mailbox. Though ProtonMail offered a very good write-up of how this works while still maintaining a high level of security, I still had some questions. The article frequently references a trade-off between usability and security. The question that remained for me was, “usability aside, is dual-password mode more secure?” So I reached out to Bart Butler at ProtonMail and got a very detailed response. I will post his full reply below, but if you’re looking for the TL;DR version, here it is: using legacy dual-password mode may be slightly more secure in some limited circumstances. I have already changed to a single password and am comfortable with that.
Hi Justin,

So there are two things to consider I think. One is if there’s a chance of someone getting the login password and not the mailbox password if they are hacking you. The chances of that are pretty slim–the mailbox password is inherently more accessible. If there is a keylogger, they would get both on login. So that’s pretty much a non-issue. If you choose awful passwords and your login password is weak, a good mailbox password may act as a barrier to account compromise, but I think the additional entropy from two passwords isn’t going to matter at all realistically.

The second thing is that in 2 password mode, if you have a copy of our database, you can attack the keys to get the mailbox password and the SRP verifier to get the login password. In single password mode you can attack either to get the shared password. So, if you do have a copy of our database, you can choose the easier one to attack. However, the only way to effectively attack either of them is via dictionary attack, and both at minimum involve a slow password hash function (bcrypt), which is likely to dominate the dictionary attack time. So neither will be easy. Assuming the key and SRP verifier would take roughly equal effort to break, and the attacker is just interested in your old mail, the time to conduct the dictionary attacks to decrypt your mail is the same for 1 password or 2 password. If the attacker wants to take control of your account by logging in as you, the effort would be twice as much for 2 password mode as single password mode, but keep in mind factors of 2 tend to mean little when talking about dictionary attacks.

So yes, there is likely some minor security benefit of 2 password over 1 password in certain very specific situations, but it is pretty minor. On top of that 1 password + 2FA will secure your account much, much better than 2 password alone, because 2 password alone doesn’t protect you against keyloggers/compromised devices. And 2 password + 2FA is really very onerous from the usability perspective in my mind–I’ve tried it and couldn’t stand it.

Bart