Π¨Π²Π΅ΠΉΡΠ°ΡΡΠΊΠ°Ρ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΡ Proton AG, ΡΠ°Π·Π²ΠΈΠ²Π°ΡΡΠ°Ρ ΡΠ΅ΡΠ²ΠΈΡΡ Proton Mail, Proton Drive ΠΈ Proton VPN, ΠΏΡΠ΅Π΄ΡΡΠ°Π²ΠΈΠ»Π° ΠΎΡΠΊΡΡΡΠΎΠ΅ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠ΅ Proton Authenticator, ΠΏΡΠ΅Π΄Π½Π°Π·Π½Π°ΡΠ΅Π½Π½ΠΎΠ΅ Π΄Π»Ρ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ ΠΏΡΠΈ ΠΏΠΎΠΌΠΎΡΠΈ ΠΎΠ΄Π½ΠΎΡΠ°Π·ΠΎΠ²ΡΡ ΠΏΠ°ΡΠΎΠ»Π΅ΠΉ Ρ ΠΎΠ³ΡΠ°Π½ΠΈΡΠ΅Π½Π½ΡΠΌ ΡΡΠΎΠΊΠΎΠΌ Π΄Π΅ΠΉΡΡΠ²ΠΈΡ, Π³Π΅Π½Π΅ΡΠΈΡΡΠ΅ΠΌΡΡ ΠΏΡΠΈ ΠΏΠΎΠΌΠΎΡΠΈ Π°Π»Π³ΠΎΡΠΈΡΠΌΠ° TOTP (Time-based One-Time Password). Proton Authenticator ΠΌΠΎΠΆΠ΅Ρ ΠΏΡΠΈΠΌΠ΅Π½ΡΡΡΡΡ ΠΊΠ°ΠΊ Π±ΠΎΠ»Π΅Π΅ ΡΡΠ½ΠΊΡΠΈΠΎΠ½Π°Π»ΡΠ½Π°Ρ Π·Π°ΠΌΠ΅Π½Π° ΠΏΡΠΎΠΏΡΠΈΠ΅ΡΠ°ΡΠ½ΡΠΌ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΠ°ΠΌ, ΡΠ°ΠΊΠΈΠΌ ΠΊΠ°ΠΊ Google Authenticator, Microsoft Authenticator, Authy ΠΈ Duo, Π° ΡΠ°ΠΊΠΆΠ΅ Π² ΠΊΠ°ΡΠ΅ΡΡΠ²Π΅ Π°Π»ΡΡΠ΅ΡΠ½Π°ΡΠΈΠ²Ρ ΠΎΡΠΊΡΡΡΡΠΌ ΠΏΡΠΎΠ΅ΠΊΡΠ°ΠΌ FreeOTP ΠΈ oathtool. ΠΠΎΠ΄ Proton Authenticator ΡΠ°ΡΠΏΡΠΎΡΡΡΠ°Π½ΡΠ΅ΡΡΡ ΠΏΠΎΠ΄ Π»ΠΈΡΠ΅Π½Π·ΠΈΠ΅ΠΉ GPLv3. ΠΠΎΡΡΡΠΏΠ½Ρ ΠΊΠ°ΠΊ ΠΌΠΎΠ±ΠΈΠ»ΡΠ½ΡΠ΅ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ Π΄Π»Ρ Android ΠΈ iOS, ΡΠ°ΠΊ ΠΈ Π½Π°ΡΡΠΎΠ»ΡΠ½ΡΠ΅ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΡ Π΄Π»Ρ Linux, macOS ΠΈ Windows. ΠΡΠΈ ΡΠ°Π·ΡΠ°Π±ΠΎΡΠΊΠ΅ Π² Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΠΈ ΠΎΡ ΠΏΠ»Π°ΡΡΠΎΡΠΌΡ ΠΏΡΠΈΠΌΠ΅Π½ΡΡΡΡΡ ΡΠ·ΡΠΊΠΈ Kotlin, Swift ΠΈ Rust.
Phakathi kwezakhono kunye neempawu ezahlukileyo zeProton Authenticator:
- Inkxaso yokwenza ii-backups ezifihliweyo zezitshixo eziyimfihlo zasekuqaleni ukuze zigcinwe kwindawo yokugcina yasekhaya okanye efini.
- Inkxaso yongqamaniso lwezitshixo phakathi kwezixhobo ezininzi zabasebenzisi zisebenzisa i-encryption ekupheleni ukuya ekupheleni.
- Ukukwazi ukukhawulela ukufikelela kwisicelo usebenzisa ungqinisiso lwebhayometriki okanye ikhowudi yePIN.
- Ukukwazi ukufikelela kwiikhowudi kwimodi engaxhunyiwe kwi-intanethi, ngaphandle kwesidingo soqhagamshelwano lwenethiwekhi. Ikhowudi ye-QR ingasetyenziselwa ukufumana izitshixo.
- Akukho ntengiso eyakhelwe-ngaphakathi okanye abalandeleli.
- Sebenza ngaphandle kokuqhagamshela kwiakhawunti kwiinkonzo zeProton.
- Akukho qhagamshelwano kumenzi omnye.
- Ukungenisa nokuthumela ngaphandle imisebenzi ukufudusa izitshixo phakathi kwamaqonga ahlukeneyo. Inkxaso yezitshixo zokungenisa elizweni ezivela kwi-Google Authenticator, 2FAS, Aegis Authenticator, Bitwarden Authenticator, Ente Auth kunye ne-LastPass Authenticator.
I-algorithm ye-TOTP ivumela iikhowudi zokuqinisekisa zexesha elinye ukuba zenziwe kwisixhobo sasekhaya somsebenzisi kwaye ziqinisekiswe kwisixhobo sangaphandle. umncedisi, kusetyenziswa isitshixo esiyimfihlo kunye nexesha langoku njengeeparameter. Ukuze kuveliswe igama eligqithisiweyo, idatha iyatshintshiselwana phakathi komthengi kunye umncedisi Akukho mfuneko yegama eligqithisiweyo (kwanele ukuqalisa isitshixo kube kanye ngokuqaphela ikhowudi yeQR eboniswa yiseva okanye ngokungenisa ngesandla isitshixo). Ixesha lokuphila kwegama eligqithisiweyo lexesha elinye lidla ngokukhawulelwa kwimizuzwana engama-30, emva koko igama eligqithisiweyo elitsha kufuneka lenziwe. Igama eligqithisiweyo lenziwa ngokubala i-SHA-1, i-SHA-256, okanye i-SHA-512 hash xa kudityaniswa isitshixo kunye nexesha elilandelayo, kunye nokusebenzisa iibhithi ezininzi ze-hash ezisezantsi ukuze kukhutshwe amanani okuqinisekisa.
umthombo: opennet.ru
