October 14, 2022
End-to-end encrypted messaging service Proton Mail, developed by Swiss internet service provider Proton, said it will now allow consumers to use physical security keys as a method of two-factor authentication (2FA) when logging into their account to improve the user. security and privacy and reduce incidents of phishing and other email security threats.
Security keys, with a market size of $1.22 billion in 2021 and expected to grow at a CAGR of 11.8%, have become a popular way for consumers to add an extra layer of security when connecting to services and applications to minimize cyberattacks.
That said, it will support any security key as long as it meets the standards of the Universal 2nd Factor and FIDO2 protocols developed by the FIDO (Fast IDentity Online) Alliance, an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that “help reduce the world’s overreliance on passwords”. For example, it will support YubiKeys, a hardware authentication device that protects access to computers, networks and online services and supports one-time passwords, public-key cryptography and authentication.
The announcement came in response to a common request from the Proton Mail community, giving users one of the easiest and most secure ways to maximize account security.
Proton Mail has long supported authenticator apps as a 2FA method, which involves entering a time-sensitive six-digit code sent to their mobile device. Security keys work the same way, but instead of entering a code, the individual must insert a USB key into their device to log in. the user’s key to compromise the account.
Users using security keys will still need to enter their passwords, and while enabling security keys is optional, it can be done instead or in conjunction with an authenticator app. Proton Mail’s security key feature is also compatible with Apple’s authentication key, which means people with the latest Apple operating system can unlock their Proton account on the web via fingerprint or a face ID.
“Today, phishing is one of the most common ways individuals and organizations are compromised online, and phishing attempts have become increasingly sophisticated over the years. Physical security keys are a simple way to provide additional protection because even if a victim is tricked into entering credentials on a phishing site, it is difficult to compromise the target account without physically possessing the key themselves,” said Andy Yen, founder and CEO of Proton.
Email continues to become the number one threat vector, according to an April 2021 Frost and Sullivan report. The email security market was valued at $3.50 billion in 2021 and is expected to grow by 12, 8% year-over-year (yoy) over the next five years.