No more captcha

EDIT: 6/6/2014 – Due to this update, it might be necessary to clear your browser cache before trying to log into ProtonMail, otherwise the mailbox decryption step may fail.

Effective immediately, we have removed the captcha from the ProtonMail login systems. Frankly, it was not very effective at deterring brute force attacks and made the login process more cumbersome.

We have now implemented a far more effective password brute force protection system, which will shortly be complemented with two-factor authentication.

We want to stress that this is NOT a substitute for using strong passwords. The best way to avoid a brute force attack is still to use a strong passphrase that has a good mix of upper/lowercase, numbers, and special characters (!@#$%^&* etc.).
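The post does not describe how the new protection works, so the following is an added sketch, not ProtonMail's implementation: a per-account throttle with capped exponential backoff, with every parameter and name an assumption. It shows why throttling slows online guessing but does not rescue a password near the top of a guess list.

```python
FREE_ATTEMPTS = 5     # assumed: failures tolerated before any delay is imposed
BASE_DELAY_S = 30     # assumed: first enforced wait, doubled on each further failure
MAX_DELAY_S = 3600    # assumed: cap on the wait between attempts


class LoginThrottle:
    """Per-account failed-login throttle with capped exponential backoff."""

    def __init__(self):
        self._state = {}  # account -> (consecutive failures, earliest next attempt)

    def allowed(self, account, now):
        return now >= self._state.get(account, (0, 0.0))[1]

    def record_failure(self, account, now):
        failures = self._state.get(account, (0, 0.0))[0] + 1
        delay = 0
        if failures >= FREE_ATTEMPTS:
            delay = min(BASE_DELAY_S * 2 ** (failures - FREE_ATTEMPTS), MAX_DELAY_S)
        self._state[account] = (failures, now + delay)
        return now + delay  # earliest time the next attempt is accepted

    def record_success(self, account):
        self._state.pop(account, None)  # a correct login clears the counter


def seconds_until_guess(n):
    """Earliest time the n-th consecutive wrong guess on one account is accepted."""
    throttle, now = LoginThrottle(), 0.0
    for _ in range(n - 1):
        now = throttle.record_failure("user@example.test", now)  # constructed account
    return now


def years_to_search(alphabet_size, length):
    """Expected years to find a uniformly random password at the capped rate."""
    expected_guesses = alphabet_size ** length / 2
    return expected_guesses * MAX_DELAY_S / (365 * 86400)


if __name__ == "__main__":
    # Position in a guess list decides the outcome, not the throttle alone.
    print("10th guess accepted after", seconds_until_guess(10) / 60, "minutes")
    print("1000th guess accepted after", seconds_until_guess(1000) / 86400, "days")
    print("random 8 lowercase letters:", years_to_search(26, 8), "years")
```

Under these assumed settings a password among the first ten guesses is reached in about a quarter of an hour, while a random eight-letter lowercase password takes millions of years at the capped rate.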

About the Author

Proton Team



29 comments on “No more captcha”

  • this will not involve cell phone verifying because I don’t have a cell phone to that if it is

    • Two factor authentication involves a number, usually 6 digits, sent to your cellphone for an added layer of security while logging in, but its use usually isn’t mandatory.

  • Hi, great idea to use 2 factor authentication.
    I would suggest also as 2 factor authentication option:
    waiting anxiously to receive my invitation to use the service.

  • cell phone verification would suck, imo it would seem counter-intuitive for a privacy/anonymity based service… :/

    • 2FA will be optional, and there will be a software option that does not require a phone to work.

      • Of course. There’s various programs for smart phones that use 2FA. But there’s also a method for non-smart phone users like myself. The system sends a text message with a one time code that you enter. It means you need the phone on you, but that’s the key purpose of this kind of verification. Hackers need your user information and your phone to be able to get access. Without both, they fail.

        Another method, that I use as well, is through a program called KeePass, with a plugin called Keeotp, which allows for the creation of OTP codes that are used in 2FA. This does defeat the purpose of having a separate physical device for the verification, but it’s useful for those who want the extra security and don’t have a phone they can use. That or they always end up losing said phones often. The only upside is that they are storing the OTP generator in a Password Vault program, which can be secured with its own methods, but it only takes a keylogger and/or malware and/or security exploits to get access to the vault and everything inside.

  • Awesome advancements, can’t wait for my account to finally get opened up, a month after signup and I am still not activated. :(
    These devs have outdone themselves, great job!

  • Hi folks,

    Slightly off topic from the subject of captcha, but regarding images. When I open a mail in protonmail, the images are displayed automatically. Even on crappy old yahoo mail, you had the option to not display the images in the email.

    As you probably know, when an image is displayed in a mail, this can be used for tracking purposes etc. It would be great if at some point, there was an option in protonmail to have the choice of images/no images.

    Sorry for posting here, didn’t know where to put it. Once again thanks for an amazing email service.


  • I am waiting for the invitation to start using the protonmail email address that
    I already reserved last month; I would like to know approximately how long it will be before I can use it. Thank you very
    much for your service!!!

    • My words have been altered by the system; I don’t know if the meaning is understood now. I want to know how long it will be before I can use protonmail; I reserved last month, thanks.

  • Hi,

    Sorry for the off topic message. I encountered several times the problem that my contacts that use Windows mail accounts (@live, @outlook, @hotmail) get my mails redirected to the Spam folder. Is this a known issue?

    Thanks for the great job !

    • Yes, Microsoft’s spam filter is not very intelligent and often incorrectly classifies emails. Please have the contacts mark the emails as not spam and eventually this problem should go away.

  • What is the longest number of characters that can be used for passwords or decrypt codes? Is it 256 by default? Less? More?
    Best regards

    • I agree. Using proton because I didn’t want to give my email or phone number in the first place. Please find a better solution proton. I cannot open an account until you do.

  • Hello

    In the sign-up process it states
    “We do not permanently save your email or phone number, it is deleted after verification.”

    I was curious why I get a message saying
    “Email address or phone number already used”?
    How does the system know the email/phone number has never been used? Or is it a semantics thing where you store the emails and phone numbers that get used and if the correct code is not supplied then the email/phone number never gets deleted?

  • Git gud instead of compromising privacy anyone using proton doesn’t give 2 shits what yahoo or gmail thinks

  • Why did Proton Mail use Google’s captcha in the first place? I subscribed to the paid service the same day Proton Mail began providing my info to Google. You have lost all credibility and I will most likely stop paying in the near future.