Your ProtonMail Professional Account is secured by an organization password that is associated with your organization key.
ProtonMail Professional Accounts use end-to-end encryption to secure emails. This is achieved using a master encryption key called the organization key, which nobody other than the administrators of your organization has access to.
Because even we do not have access to this key, your data remains private, even from us.
To find out details about your organization key, log in to account.protonmail.com and go to Settings → Organization → Organization & keys → Password & keys.
Your organization key fingerprint can be optionally used as a security feature to verify that all administrators in your account have the same key.
Your organization key is protected by an organization password that is only known to the administrators of your organization. Because we do not know the organization password, we cannot read any of the emails associated with your organization.
However, because administrators have access to the organization password and the organization key, administrators are able to read the emails of all users of an organization unless the user is explicitly designated as a private user.
For day-to-day management of your organization, administrators do not need to use the organization password because an administrator’s ProtonMail account password is sufficient for most organization management functions. However, the organization password must be used to perform some tasks. These include:
- Adding a new administrator to your organization
- Changing your organization keys
The organization password also serves as a recovery mechanism if an administrator loses administrative privileges to their ProtonMail organization (for example due to a password reset).
Changing your organization password
Any administrator can change the organization password. When this is done, it is the responsibility of each administrator to share the new organization password with all other administrators.
Resetting organization password
Please see Restoring Administrator Privileges for more information about resetting your organization password,
Changing your organization key
Changing your organization key is not usually necessary, but we recommend doing it for security purposes if an administrator leaves your organization or if an administrator’s account is compromised.
Changing the organization key generates a new encryption key, which is used to encrypt all data for your organization. This replaces your old key. You will need to set a new organization password.
No data will be lost or destroyed in this process. However, after the organization key has been changed, all other administrators will be placed into a restricted privileges mode. The administrator that changed the organization key will need to share the new organization password with all other administrators in order for them to restore administrative privileges.
To change your organization key:
1. Log in to account.protonmail.com and go to Settings → Organization → Organization & keys → Password & keys → Change organization keys.
2. Select an encryption scheme for the key.
3. Choose a new password. Click Save when you’re ready.
Below are some additional articles to assist you while setting up ProtonMail Professional accounts:
Step 1: Setting up Your Domain(s)
Step 2: Creating your Organization
Step 3: Setting up Users(s)