If you’re struggling to think up strong passwords you can remember for your online accounts, here’s a simple, secure solution — for you and the whole family. You’ve heard the security advice: “Create a unique, strong password for each account”. But are you doing that for every login? And what about the Netflix account you …

Our top priority has always been the security of our community, which is why we are happy to announce our partnership with Bug Bounty Switzerland and our new private bug bounty program made up of expert ethical hackers and security researchers. Bug Bounty Switzerland has successfully led some of Switzerland’s largest bug bounty programs and …

At ProtonMail, we believe everyone should be in control of their personal data. A critical component of controlling your data is having the ability to make informed decisions about who you entrust with your data and how it is secured. Most companies rely on security through obscurity and do not share their code, making it …

This summer, we conducted a security audit to determine whether Proton is susceptible to an attack against public key cryptography, known as a batch GCD attack. As a result of our analysis, we can confirm that none of our users is vulnerable to this attack. The attack exploits faulty sources of randomness when it comes …

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent. A litany of high-profile data breaches has led to a growth of interest in …

USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices? In many cases, the …

UPDATE Sept. 15, 2020: SwissSign has dealt with the DDoS attack and has taken measures to prevent similar outages in the future. Therefore, we are using them again as our certificate authority. We have updated the fingerprints at the bottom of this article. Proton has recently begun using Let’s Encrypt instead of SwissSign as the …

This article documents Proton Drive’s security model by showing how it uses end-to-end encryption to protect your sensitive data. While somewhat technical, this document is meant to be accessible to a general audience and attempts to explain how Proton Drive works in plain language. Proton Drive is in the final stages of development before our …

Whenever you send or receive information on the Internet, it passes through a network of multiple computers to reach the destination. Historically, any of these computers could read your data, because it was not encrypted. Much of this data is quite sensitive — and valuable to hackers. It can include private communications that are not end-to-end …

The following article presents a high-level overview of ProtonMail’s Android security model and explains how the app protects users’ sensitive data. You can view our Android app’s open source code on GitHub. We also explain the importance of open source to Proton in our Android open source announcement.  For more information on what threats ProtonMail …

ProtonMail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. It allows for full integration of your ProtonMail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. This document discusses how Bridge handles sensitive information, …

Working from home is one of the many massive societal changes that COVID-19 has forced upon the world. Millions of people are now handling sensitive work data outside their office for the first time. It can be hard enough to keep data secure in the office, where there are IT security officers to monitor the …