What is One-password mode?

When ProtonMail was originally released, it was created with a login password and a mailbox password known as the Two-password mode. This was to ensure end-to-end encryption. However, over time, our research team developed a way to provide the same level of privacy and security with just a single password. 

Because this improves ProtonMail’s usability, the One-password mode is now the default for all newly created accounts. For Legacy accounts (those created before December 2016), we also provide the option to switch to One-password mode. However, we will continue to support Two-password mode. More information can be found at the end of this article.

One-password mode

One-password mode removes the need to remember two passwords, making it easier to use ProtonMail. Instead of two passwords, just a single password is required for login.

If your account was created after November 2016, you are already in One-password mode. 

1. If you have an older account, you can still activate One-password mode. Click on Settings → Go to settings at the top right and select Password & recovery in the left sidebar. Under Passwords, deactivate Two-password mode.

One-password mode

2. You will be asked to provide your old password, two-factor authentication code, and a new password. Select Save. You are now in One-password mode. 

Switch to one-password mode
Two-password mode

If your account is in One-password mode, it is also possible to switch to Two-password mode. Having two unique passwords boosts your account’s security. However, we still recommend One-password mode for most users.

In Two-password mode, you will be asked to set a login and mailbox password separately. The Two-password mode uses a segregated authentication and decryption system, which means logging into a ProtonMail encrypted email account requires two passwords. 

The first login password is used to verify the identity of the user. The second password is a decryption (mailbox) password that ProtonMail does not have access to. It is used to decrypt data on your device; we do not have access to the decrypted data or your decryption (mailbox) password. This also means we cannot hand over your data to third parties or perform a mailbox password recovery. If you forget your mailbox password, we will not be able to recover your data.

To set up Two-password mode, follow these steps:

1. Go to Settings at the top right and click on Go to settings.

Go to settings

2. Select Password & recovery in the sidebar and activate Two-password mode.

3. You will be asked to enter your old password and a new password. Click Save once you have entered both passwords.