No more captcha

EDIT: 6/6/2014 – Due to this update, it might be necessary to clear your browser cache before trying to log into ProtonMail, otherwise the mailbox decryption step may fail.

Effective immediately, we have removed the captcha from the ProtonMail login systems. Frankly, it was not very effective at deterring brute force attacks and made the login process more cumbersome.

We have now implemented a far more effective password brute force protection system, which will shortly be complemented with two-factor authentication.

We want to stress that this is NOT a substitute for using strong passwords. The best way to avoid a brute force attack is still to use a strong passphrase that has a good mix of upper/lowercase letters, numbers, and special characters (!@#$%^&*, etc.).

About the Author

Admin

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.


24 comments on “No more captcha”

    • Two factor authentication involves a number, usually 6 digits, sent to your cellphone for an added layer of security while logging in, but its use usually isn’t mandatory.

  • Hi, great idea to use 2 factor authentication.
    I would suggest also as 2 factor authentication option: duosecurity.com
    waiting anxiously to receive my invitation to use the service.
    cheers

  • cell phone verification would suck, imo it would seem counter-intuitive for a privacy/anonymity based service… :/

      • Of course. There are various programs for smart phones that use 2FA. But there’s also a method for non-smart phone users like myself. The system sends a text message with a one-time code that you enter. It means you need the phone on you, but that’s the key purpose of this kind of verification. Hackers need your user information and your phone to be able to get access. Without both, they fail.

        Another method, that I use as well, is through a program called KeePass, with a plugin called Keeotp, which allows for the creation of OTP codes that are used in 2FA. This does defeat the purpose of having a separate physical device for the verification, but it’s useful for those who want the extra security and don’t have a phone they can use. That or they always end up losing said phones often. The only upside is that they are storing the OTP generator in a Password Vault program, which can be secured with its own methods, but it only takes a keylogger and/or malware and/or security exploits to get access to the vault and everything inside.

  • Awesome advancements, can’t wait for my account to finally get opened up, a month after signup and I am still not activated. 🙁
    These devs have outdone themselves, great job!

  • Hi folks,

    Slightly off topic from the subject of captcha, but regarding images. When I open a mail in protonmail, the images are displayed automatically. Even on crappy old yahoo mail, you had the option to not display the images in the email.

    As you probably know, when an image is displayed in a mail, this can be used for tracking purposes etc. It would be great if at some point, there was an option in protonmail to have the choice of images/no images.

    Sorry for posting here, didn’t know where to put it. Once again thanks for an amazing email service.

    Abe.

  • I am waiting for the invitation to start using the protonmail email address that
    I already reserved last month. I would like to know approximately how long it will be before I can use it. Thank you
    very much for your service!!!

    • My words were altered by the system; I don’t know if the meaning is clear now. I want to know how long it will be before I can use protonmail. I reserved last month, thanks.

  • Hi,

    Sorry for the off topic message. I have encountered several times the problem that my contacts who use Windows mail accounts (@live, @outlook, @hotmail) get my mails redirected to the Spam folder. Is this a known issue?

    Thanks for the great job !

    • Yes, Microsoft’s spam filter is not very intelligent and often incorrectly classifies emails. Please have the contacts mark the emails as not spam and eventually this problem should go away.

  • What is the longest number of characters that can be used for passwords or decrypt codes? Is it 256 by default? Less? More?
    Best regards

    • I agree. Using proton because I didn’t want to give my email or phone number in the first place. Please find a better solution proton. I cannot open an account until you do.
