Not great but could be worse. I'll keep an eye on it. I may find a use for it if they don't have any more incidents like this.
As a step up in sign-in security, I strongly prefer to use my TOTP auth offline using a YubiKey. Very fast and no authentication numbers travel over the internet so there is nothing to "pick off" by an experienced hacker. I don't use Protonmail much but I do have Proton Drive to hold things for me.
Their mail service is nice but the rest of their apps are garbage... Instead of Proton auth I recommend using Ente or Aegis: https://f-droid.org/pl/packages/io.ente.auth/ https://f-droid.org/pl/packages/com.beemdevelopment.aegis/
To clarify, it didn't affect the desktop version, right? I think I might give it a try, and perhaps it's a good idea to block it from getting network access?
I couldn't tell you, haven't actually used it. Just watching and waiting to see if I decide to do so.
It's a bit confusing, I now read that Proton says that logs "always store TOTP secrets in plain text" but never send them unencrypted to the server? So they are saying that if a hacker gets access to your device you will always have a problem? It's not clear if they fixed this issue or not, but I don't think I'll be using their desktop app anytime soon.
Very likely, but in that situation you already have a bigger problem. From what I have seen I don't think this will be a product that is in my short-term plans.