Yahoo Database Breach Password Reset

ProtonMail Security Advisory Regarding Yahoo Hack

September 23rd, 2016 in Security

Confirming what was long suspected by the security community, Yahoo today confirmed a massive breach of over 500 million email accounts, including both credentials and security questions. This is a major security incident that also has consequences for certain ProtonMail users so we are putting out this important security advisory. At the time of writing, …

Our Encrypted Email Service is Safe Against Linux TCP Vulnerability

August 12th, 2016 in Security

ProtonMail is not vulnerable to the recently announced Linux TCP Vulnerability Earlier this week, a rather serious Linux TCP Vulnerability was disclosed (CVE-2016-5696) by security researchers in the US. As a result, ProtonMail’s security team did an analysis of this bug to see if it compromises the integrity of ProtonMail’s encrypted email service. Our analysis …

Improve your secure email service by joining our back-end code audit

May 30th, 2016 in Security

To ensure the security of ProtonMail’s secure email service, we are looking for more back-end security auditors. At ProtonMail, our internal security team has always worked closely with our user community to ensure the security of our secure email service. ProtonMail’s strong security is partially due to the dozens of security contributors who have audited …

SSL Certificate Update

January 19th, 2016 in Security

On January 20th, 2016, ProtonMail will be updating the SSL certificate for protonmail.com. With this update, we will also be changing our Certificate Authority to QuoVadis Trustlink Schweiz AG. Along with the change in SSL certificate, we will also be moving the ProtonMail secure email service to a dedicated subdomain, mail.protonmail.com. We have also released …

2016 Email Security Roadmap

January 1st, 2016 in Security

For 2016, we are looking forward to another year of progress towards building easy-to-use secure email. Today, we are publishing our first security roadmap. Over the course of 2015, we have taken several big steps towards making ProtonMail the easiest to use secure email service. Some highlights of 2015 include the release of ProtonMail 2.0, …

Secure Email DDoS Protection

Guide to DDoS protection

December 15th, 2015 in Security

Last month, secure email came under DDoS attack, this is how we added DDoS protection to ProtonMail.   Dec 16, 2015 Update: After we publicly posted the data at the end of this post, the attackers swiftly retaliated with a 59 Gbps attack. We were able to successfully mitigate with help from Radware. We knew …

ProtonMail Bug Bounty Proram

ProtonMail Bug Bounty Program

August 12th, 2015 in Security

UPDATE Feb 2nd, 2016: We have made a number of updates to our bug bounty program. The updated program is below: At ProtonMail, our goal is to build the world’s most secure email service. In order to do this, community participation in securing ProtonMail is essential, and that is the spirit behind our bug bounty …

Summary of HSTS Support in Modern Browsers

May 28th, 2015 in Security

This a guest blog post by Mazin Ahmed, an external security expert who has helped test and audit ProtonMail. We hope it will educate our readers about web security. HTTP Strict Transport Security (HSTS) is a web security policy that is made to protect secure HTTPS websites against downgrade attacks that is used to perform …

sslgrade

ProtonMail Upgrades SSL Certificates

February 13th, 2015 in Security

Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use. The new SSL certificates have several marked improvements over the previous ones. All certificates now use the highest …

screeen

ProtonMail’s SSL Certificate

November 3rd, 2014 in Security

January 19th, 2016 update: We have upgraded our SSL certificate!  The new fingerprint can be found in our knowledge base: https://protonmail.com/support/knowledge-base/protonmails-ssl-certificate/ NOTE: ProtonMail may use different SSL certificates for our subdomains, the information below only pertains to our main site protonmail.com ProtonMail is all about privacy and we want to do our best to protect everyone’s …

Password Managers

August 23rd, 2014 in Security

Since the original article below was first published in 2014, we have made many improvements to how ProtonMail supports password managers. ProtonMail now supports three of the most popular password managers: LastPass, KeePass, and 1Password on both the webmail and our secure email mobile apps for iOS and Android. To learn more about how to …

End-to-end encryption

Update about reported XSS issue

July 8th, 2014 in Articles & News, Security

A couple of days ago, a video was circulated online that claimed ProtonMail is susceptible to a XSS (cross site scripting) issue which raised some concerns among ProtonMail users. We want to clarify that this does not impact the current version of ProtonMail. ProtonMail is constantly making security improvements through our beta process and we …

Get your secure email account
Create Account

Proton Technologies AG

Chemin du Pré-Fleuri, 3
CH-1228 Plan-les-Ouates, Genève, Switzerland

For support inquiries, please visit
protonmail.com/support

For security related discussions
security@protonmail.ch