How to switch to two-password mode

New accounts are set to one-password mode by default. This password is used both for login (to verify the identity of the user and access the account) and for the mailbox (to decrypt data). For most users, a single password provides security and convenience.

It is still possible, however, to switch to two-password mode from the Settings -> Account page. Two-password mode uses separate passwords for login and mailbox decryption. This provides a minor security benefit in some situations.

You will be asked to enter your current password and two-factor authorization code, if enabled. Next, you will choose a new login password, followed by a new mailbox password.


Mailbox password warning: Your mailbox password is stored locally. It is used to decrypt your private key, which is stored in encrypted format on our servers. We do not have access to your mailbox password. Therefore, if you lose it, you will lose the ability to read your old emails.

Login password warning: If you lose your login or mailbox password, you can only reset your password if you have a recovery email linked to your account. While it is possible to change your password, if you forget it and reset it, you will lose the ability to read your old emails. This is due to the end-to-end encryption that we employ which makes it impossible for us to read or recover your emails.

If you reset either your login or mailbox password, your account will automatically revert to one-password mode using the new password you’ve chosen. You may still recover your old messages even after resetting your mailbox password if you remember your previous one. You can learn about restoring your encrypted mailbox here.