Signal stores your decryption key in a plain text file on MacOS

The PIN is fine, the fact that it is opt-in is not. Thousands, if not more, sit with an openly-accessible password stack on their machine.

It’s opt-in on all the platforms, and I’m not aware of a single app that would require using a PIN or a password by default.

I know this is about Signal in this thread, but I just wanted to share the email from Proton yesterday, since it might help knowing what is coming from their side:

"Dear Proton Visionary supporter,

We’re excited to announce you’re the first to receive early access to a new feature: extra password. You’ll also be the first to give us feedback and help shape its development.

All Proton Accounts are already secured with strong, robust encryption, but our optional extra password feature allows you to compartmentalize your Proton Pass account. It lets you create an extra password you must enter before you can access your logins and other sensitive information in Pass.

With extra password enabled, even if an attacker gets a hold of the password to your Proton Account, they cannot access your Pass account unless they also know your extra password.

Extra password is available across all our apps (browser extensions, web app, Android, iOS, Windows, macOS, and Linux).

How to set an extra password on Proton Pass

  1. Ensure you have the latest version of Proton Pass:
  • Browser extensions (Chrome, Firefox*, Safari): 1.19.0
  • Android: 1.23.1
  • iOS: 1.12.0
  • Desktop apps (Windows, macOS, Linux): 1.19.0
  • Web app: 1.19.0

*Firefox still pending approval, will be available in the coming days

  2. On browser extension: Click the Proton Pass logo on the top left corner → Settings → Security → Extra password.

  On Android or iOS: Click the Profile tab on the bottom right corner → Account → Extra password for Proton Pass.

  3. Create an extra password that’s at least eight characters long. Be sure to choose a memorable one, as you won’t be able to access your Pass account without it.

  4. Your extra password is now set, and you’ll need to enter it (and your Proton Account password) whenever you sign in to Proton Pass. When you first set an extra password, you’ll be logged out of Pass on all your devices and will need to sign in again."

@ph00lt0 Ahh shit, so they did decide to waste their time on this feature, thank God it’s opt-in.

1 Like

How is this a waste of time? It’s a mandatory feature, and it’s not right that the PP password should be the same for all accounts.
It’s about time it arrived

1 Like

Yeah, also got it. Quite pointless imho. Not going to use it. It’s not always a good idea to listen to your customer…

1 Like

Yeah, this pointless feature got over 1000 votes on UserVoice.

I wish they just educated their users instead of wasting time that could be spent on adding more important features to Proton Pass.

Would’ve been much more interesting if they had used the same feature as 1Password instead of this.

What does 1Password use?

Bitwarden does, and by default asks for your Master Password every 15 minutes.

Is this the case for all of their apps and extensions, or not?

Let me help you out man :smile: mBank banking requires either PIN or FaceID/fingerprint.


Yes it is. You can modify it, but that is the default.

So, after you unlock your LUKS partition, your private keys are potentially exposed. Users’ sensitive data contained in a LUKS partition, once unlocked, is potentially exposed to non-root access such as evil maids, remote exploits, unsecured network backups, cloud backups and Microsoft Recall.

The SSH and GPG clients apply password protection to locally-stored private keys. Signal Desktop locally stores private keys in plaintext and lacks a password protection option.
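As an added illustration of the contrast drawn above (not code from Signal, SSH or GPG), here is the same key held at rest two ways: as plaintext, where any process or backup running as the user recovers it directly, and wrapped under a passphrase-derived key, where the file alone yields nothing. The wrapping scheme is a simplified constructed one (scrypt-derived pad plus HMAC-SHA256), not the SSH or GPG key format, and the key is a constructed sample.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample: a 32-byte database key of the kind a desktop client
# keeps at rest. Not a real key.
SAMPLE_KEY = bytes(range(32))
SALT_LEN, TAG_LEN = 16, 32


def at_rest_plaintext(key: bytes) -> bytes:
    """What a plaintext config holds: the key, hex-encoded, as-is."""
    return key.hex().encode()


def leaks_key(blob: bytes, key: bytes) -> bool:
    """Simulated unprivileged reader (backup, evil maid): is the key recoverable
    from the bytes on disk without any secret?"""
    return key in blob or key.hex().encode() in blob


def _derive(passphrase: str, salt: bytes, n: int) -> Tuple[bytes, bytes]:
    # scrypt output is split into an n-byte wrapping pad and a 32-byte MAC key.
    material = hashlib.scrypt(passphrase.encode(), salt=salt,
                              n=2 ** 14, r=8, p=1, dklen=n + TAG_LEN)
    return material[:n], material[n:]


def wrap_key(key: bytes, passphrase: str) -> bytes:
    """Passphrase-wrap the key: salt || key XOR pad || HMAC-SHA256 tag.
    A fresh random salt per wrap means the pad is never reused."""
    salt = secrets.token_bytes(SALT_LEN)
    pad, mac_key = _derive(passphrase, salt, len(key))
    wrapped = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    return salt + wrapped + tag


def unwrap_key(blob: bytes, passphrase: str) -> Optional[bytes]:
    """Return the key only if the passphrase verifies; None on a wrong
    passphrase or a tampered blob."""
    salt, wrapped, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, mac_key = _derive(passphrase, salt, len(wrapped))
    expected = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, pad))
```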

I’m referring to 1Password’s secret key feature.

Wish there was a desktop third-party client that focused on security and privacy like Molly does on Android

Unfortunately, that doesn’t seem to be the case for the project below

  • Encrypted storage (As I am not a security-expert, I do not guarantee anything. Read the Security-section)

Meredith’s response on X to the allegations

2 Likes

There is a lot of fear-mongering going around about Signal at the moment, in order to cause people to panic and switch to less secure messengers like Telegram. Not just about this issue, but it’s ramped up over the past year or so. It’s an ongoing coordinated effort, and it’s very unfortunate.

There are some things Signal should fix here certainly, but the way this has been communicated on Twitter/Mastodon makes it seem like people have ulterior motives here, or are acting as useful idiots for the people who have ulterior motives.


I think there is a world in which clear heads prevail, the trolls get ignored, and Signal makes some improvements to their app.

I will say though, macOS and iOS users will have a good Signal Desktop alternative this fall when macOS Sequoia comes out, because you can just access your phone’s install remotely with the new mirroring function.

10 Likes

Meredith’s response is so bad. Points 1 and 3 are just lies; this issue has been known to Signal’s developers since 2018.

Mysk’s response

4 Likes

Agreed, there is definitely a weird campaign going on to smear Signal and drive people to Telegram, which I would never recommend.

The problem is that Meredith’s follow-up on this seems super mishandled.