The Nimble Nerd

Proton Authenticator iOS Bug: Plaintext TOTP Secrets Exposed – Fixed in a Flash! 🚀

Proton’s new iOS Authenticator app had a bug that logged TOTP secrets in plaintext. Meaning, the secrets behind your 2FA codes might have been chilling out in debug logs, just waiting for an accidental overshare. Fear not, a fix is out now! And remember, if someone has access to your device, they already hold the keys to your kingdom.

Hot Take:

Proton’s new iOS Authenticator app was like an overenthusiastic waiter who accidentally served your secret recipe to the entire restaurant. Luckily, they’ve cleared the table before anyone got a taste!

Key Points:

  • Proton’s iOS Authenticator app had a bug that logged TOTP secrets in plaintext.
  • The issue was discovered by a user who noticed missing 2FA entries.
  • The bug was related to logging code in the iOS version of the app.
  • Proton released a fix (version 1.1.1) to address the logging behavior.
  • The bug didn’t pose a remote threat but could expose secrets if logs were shared.
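Since the exposure path is a shared log, a scrub pass before a debug log leaves the device is the practical check. The following is an added example, not Proton's code: the log lines are constructed, and the two shapes it looks for (an `otpauth://` key URI and a `secret` field holding a base32 value) are assumptions about what such a log might contain, since the page does not show the log format.

```python
import re

# otpauth:// key URI: the TOTP seed travels in the "secret" query parameter.
_URI_SECRET = re.compile(
    r"(otpauth://[^\s\"']*?[?&]secret=)([A-Za-z2-7]+=*)", re.IGNORECASE)
# Key/value fields (assumed shapes): secret=..., "secret": "...", totp_secret: ...
# 16+ base32 characters; over-matching only causes harmless extra redaction.
_KV_SECRET = re.compile(
    r"((?:totp_?)?secret\"?\s*[:=]\s*\"?)([A-Z2-7]{16,}=*)", re.IGNORECASE)

MARK = "[REDACTED]"


def redact_line(line):
    """Return (clean_line, hits) with any TOTP seed replaced by MARK."""
    line, n_uri = _URI_SECRET.subn(r"\1" + MARK, line)
    line, n_kv = _KV_SECRET.subn(r"\1" + MARK, line)
    return line, n_uri + n_kv


def redact_log(text):
    """Scrub a whole log; return (clean_text, line numbers that held a seed)."""
    clean, flagged = [], []
    for number, line in enumerate(text.splitlines(), 1):
        scrubbed, hits = redact_line(line)
        clean.append(scrubbed)
        if hits:
            flagged.append(number)
    return "\n".join(clean), flagged


# Constructed sample log, not taken from any real app.
SAMPLE_LOG = """\
2025-01-01 10:00:01 DEBUG saving uri=otpauth://totp/Example:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
2025-01-01 10:00:02 INFO sync: 3 entries stored
2025-01-01 10:00:03 DEBUG entry {"name": "vpn", "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
"""

if __name__ == "__main__":
    cleaned, lines = redact_log(SAMPLE_LOG)
    print(cleaned)
    print("lines that contained a seed:", lines)
```

Any line number the scrub reports means the seed was already written to disk, so the affected 2FA entries should be re-enrolled rather than only redacted.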
