Starting today, e-mail provider Proton Mail offers users the option of securing their account with a physical security key. Any key that supports the U2F or FIDO2 standard will work. A physical security key is a device that connects to the computer via, for example, USB, NFC or Bluetooth. Security keys use a protocol based on standard public-key cryptography.
A user who wants to use a security key with a website must first set it up on that website. During setup, the user registers a public key. When logging in, the website then asks for a cryptographic signature that proves the user holds the private key associated with that public key. As a result, the security key will only work on the website for which it is registered.
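The setup and login flow described above, as an added example that is not Proton Mail's code and not part of the original article: a simplified Node.js model in which the key signs a hash of the site name together with a random challenge. The real U2F/FIDO2 message formats are more involved; the class names and the domains `mail.example` and `mail-example.test` are constructed for illustration.

```javascript
// Simplified model of security-key setup and login; not the real U2F/FIDO2 format.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
// The security key: holds one private key per website it was registered on.
class SecurityKey {
  constructor() { this.keys = new Map(); }
  // Setup: create a key pair for this site and hand back only the public key.
  register(siteId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(siteId, privateKey);
    return publicKey;
  }
  // Login: sign the challenge together with a hash of the site being visited.
  sign(siteId, challenge) {
    const privateKey = this.keys.get(siteId);
    if (!privateKey) return null; // never registered here, nothing to sign with
    return crypto.sign('sha256', Buffer.concat([sha256(siteId), challenge]), privateKey);
  }
}
// The website: stores the public key and issues single-use random challenges.
class Website {
  constructor(siteId) { this.siteId = siteId; this.publicKey = null; this.pending = new Set(); }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() {
    const challenge = crypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }
  verify(challenge, signature) {
    // A challenge is accepted once, so a captured signature cannot be replayed.
    if (!signature || !this.pending.delete(challenge.toString('hex'))) return false;
    const signed = Buffer.concat([sha256(this.siteId), challenge]);
    return crypto.verify('sha256', signed, this.publicKey, signature);
  }
}
function demo() {
  const key = new SecurityKey();
  const site = new Website('mail.example'); // constructed domain
  site.enroll(key.register('mail.example'));
  const c1 = site.newChallenge();
  const sig = key.sign('mail.example', c1);
  const ok = site.verify(c1, sig);     // genuine login
  const replay = site.verify(c1, sig); // same signature presented again
  key.register('mail-example.test');   // key also enrolled at a look-alike site
  const c2 = site.newChallenge();      // look-alike relays a real challenge
  const phished = site.verify(c2, key.sign('mail-example.test', c2));
  return { ok, replay, phished };
}
console.log(demo()); // { ok: true, replay: false, phished: false }
```

The `phished` case fails twice over: the key uses a different private key for the look-alike site, and the site name it hashes into the signed message does not match the one the real site checks.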
With Proton Mail, the security key is used as the second factor when logging in. Currently, the email provider supports time-based one-time passwords (TOTP) for two-factor authentication (2FA). TOTP can be tricky, according to Proton Mail, as the password has to be entered within a short time. In addition, a physical key shows that the user has the key needed to log in to the account. Because of this physical aspect, hardware keys are one of the most secure methods for 2FA, according to Proton Mail.