I understand the concern of having 2FA and Password vault under 1 account. This creates a single factor to access everything and is indeed a security risk.
I should have been clearer, but what I meant is: “Why is the use of Proton Pass considered problematic, with the reason ‘don’t put all eggs in one basket’?”
I just realized it’s because of the same thing: mail is used as MFA too.
Thank you for your reply!
Proton Pass specifically is not problematic. The problematic part is just having both passwords and TOTP keys in the same vault (basket).