Two-factor authentication (2FA) is an additional layer of security for your ProtonMail account. With 2FA enabled, you will be prompted to enter a six-digit code upon logging in. This six-digit code will be generated by an app that is installed on your mobile phone.
This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.
To use 2FA, you must first install an authenticator app on your mobile phone and have access to your phone while logging in to your account. There are many authenticator apps to choose from. Below are a few options.
Android
iOS
Setting up two-factor authentication in ProtonMail
1. Visit the Security tab within the Settings of your account. This can only be done through the web version of ProtonMail found at mail.protonmail.com.
2. Select Enable Two-Factor Authentication
3. Open the authenticator app you have chosen on your mobile device, and select the option to scan a QR code, or manually enter the authentication key. To scan the code, point your device’s camera at the QR code shown in the Settings of your ProtonMail account.
Note: the image below is a demo. Do not scan it. Scan the image shown in your account.
4. You will see the following modal that requires you to enter the login password of your account, along with the two-factor passcode which you will see in the authenticator application you are using.
5. ProtonMail will also provide you with several one-time use recovery codes. Please save these codes in a secure place and do NOT lose them. If you ever misplace or lose your authentication device (mobile phone, etc.), these codes will be the only way to log in to your account. If you ever lose your second-factor device, you can enter these codes instead of the six-digit authenticator code. Note, each code can only be used once, so please save all the codes.
Please note that resetting your ProtonMail password will automatically disable 2FA. In this case, you will need to manually enable it again by going to your ProtonMail Settings -> Security -> Two-Factor Authentication.
How to authenticate from multiple devices
If you wish to receive your six-digit authentication codes on multiple devices — say, your phone and your tablet — you must have an authentication app installed on each device. Then follow the steps below:
- If you have already enabled two-factor authentication you will need to disable it.
- Then navigate to Settings -> Security and click on “Enable two-factor authentication”.
- Scan the QR code using the authenticator app on each device. You can also make a screenshot of the QR code and save it for later to scan with your other devices.
Or, instead of scanning the QR code, the other option is to click on the “Enter key manually instead” button.
You will be provided with a key that you will need to enter manually in the 2FA app.
For example, below are some screenshots showing how to enter the key manually using Google Authenticator:
If the 2FA is not working, please check the following article for the most common 2FA login problems.
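The following is an added example, not ProtonMail's code, showing why the manually entered key is all a second device needs and how a verifier can tolerate a slightly wrong device clock. It assumes the defaults most authenticator apps use (RFC 6238, HMAC-SHA-1, 30-second step, six digits); the sample key is the public RFC 6238 test secret, and the drift window and reuse check in verify() are assumptions about a typical verifier.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters: the defaults most authenticator apps use (RFC 6238 with
# HMAC-SHA-1, 30-second time step). The page itself only states "six-digit".
STEP_SECONDS = 30
DIGITS = 6

# Constructed sample key: the published RFC 6238 test secret, base32-encoded.
# It is not a ProtonMail key; a real key is shown in your own account settings.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_key(manual_key: str) -> bytes:
    """Decode a key as a user types it: spaces, dashes and lowercase tolerated."""
    cleaned = "".join(manual_key.split()).replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore base32 padding if omitted
    return base64.b32decode(cleaned)


def code_for_counter(key: bytes, counter: int) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte counter, then dynamically truncate."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, unix_time: int) -> str:
    """TOTP (RFC 6238): the counter is the number of time steps since epoch."""
    return code_for_counter(key, unix_time // STEP_SECONDS)


def verify(key, submitted, unix_time, drift_steps=1, last_used_counter=-1):
    """Return the matching time-step counter, or None if the code is rejected.

    Accepts codes from +/- drift_steps around the verifier's clock and refuses
    any step at or before last_used_counter, so a captured code cannot be
    replayed. Compare the result with `is not None`; counter 0 is a valid match.
    """
    now = unix_time // STEP_SECONDS
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if counter < 0 or counter <= last_used_counter:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code_for_counter(key, counter), submitted):
            return counter
    return None


def demo():
    """Two devices enrolled with the same key, plus clock-drift and replay cases."""
    server_time = 59  # constructed timestamp (an RFC 6238 test vector time)
    phone_key = decode_key(SAMPLE_KEY)
    # Same key typed by hand on a tablet, grouped and in lowercase.
    tablet_key = decode_key("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    return {
        "phone_code": totp(phone_key, server_time),
        "tablet_code": totp(tablet_key, server_time),
        # Device clock 40 seconds slow: still inside the one-step window.
        "clock_40s_slow": verify(
            phone_key, totp(phone_key, server_time - 40), server_time),
        # Device clock 4 minutes fast: outside the window, so rejected.
        "clock_4min_fast": verify(
            phone_key, totp(phone_key, server_time + 240), server_time),
        # A code already accepted for step 1 is refused a second time.
        "replayed": verify(
            phone_key, "287082", server_time, last_used_counter=1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because every device derives its codes from the same key and the current time, a saved QR screenshot or written-down key is as sensitive as the enrolled device itself.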
Optional: Switch to Single Password Mode (for Legacy users)
As of version 3.6.0, ProtonMail has switched to supporting a single password mode and this is the new default mode for newly created accounts. The single password mode combines the legacy Login and Mailbox password into a single password without compromising security or privacy. Existing users have the option to stay in two password mode, or switch to single password mode. For users that find having to enter a Login Password, 2FA code, and Mailbox password to access email too cumbersome, we recommend switching to Single Password mode to reduce the number of password prompts by one.
Vote links are missing here.
0
Mobile VPN not working with WiFi strong signal?
0
Please contact ProtonVPN support at https://protonvpn.com/support-form.
0
Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack.
0
YubiKey, OTP (one-time passwords) or similar support would be great besides the general username-password. How about username-password to login and YubiKey to Decrypt the messages?
0
A vote for Yubikey.
It would be great if ProtonMail could implement hardware token support.
OTP: https://developers.yubico.com/OTP/
U2F: https://developers.yubico.com/U2F/
0
+1 vote for FIDO 2FA Authentication (Yubikey is one FIDO 2FA USB implementation)
-> https://fidoalliance.org
0
Second vote for YubiKey. Too often I’m in a country where I don’t have access to my home country cell phone.
0
I vote for Google Authenticator.
0
Authy (Authy is better than Google Authenticator)
and/or YubiKey
0
I have already ascribed votes to this feature in the suggestion/ideas section.
Please also allow for back-up phones.
0
Yubikey in OTP mode (I use already static mode for protonmail).
0
Toopher!!!
0
I vote for yubikey and/or fido u2f standard
0
Prefer the classic “Secret question and answer”. It respects privacy.
0
me too. I am not that savvy with computers, and this would work for me.
0
That would be better than downloading an app. :)
0
Would like to see two factor authentication but without a cell phone. A cell phone ties a real identity to the account. Security questions can be guessed if enough time is spent following an individual.
I suppose, though, two factor wouldn’t be required if no one knew the email existed.
0
I would prefer to have two factor without a cell phone as well. Not everyone can afford a cell phone, home phone and internet as well. I really like to have the secret questions and answers and preferably the choice to create your OWN questions and answers, not the standard ones.
0
You guys are aware that there isn’t an option to “log in to vote” anywhere in your support system?
And no option to click anything to agree that this particular one is a good idea.
0
Yubikey in OTP mode!
0
YubiKey/OTP please!
0
I think two factor authentication is mandatory in our modern world of IT vulnerabilities and malware/botnet infestations.
YubiKey would be awesome.
ProtonMail would easily be the most secure email service on the planet with 2 factor authentication.
But now, end users are a keylogged-connection away from having their emails compromised, which is unfortunate. (These days, I honestly believe that two-factor authentication for one’s primary email account is absolutely mandatory, you’d have to be crazy not to have it).
Just one guy’s $.02.
0
Make it universal!
My Vote, U2F
0
Looking for FIDO U2F authentication standard to be implemented for the protonmail service.
0
2-factor auth should come after username/password login, but BEFORE decrypting. I don’t want attackers getting my private key, even in encrypted form.
0
I agree — two factor authentication is mandatory. Please offer it soon.
0
Absolutely – FIDO U2F please. Yubikeys sound like the way to go too. Esp their NEOs
0
up vote
without this feature protonmail would be insecure
0
Yubikey, already supported by default in Google Chrome, simple to use, robust (I am carrying one in my pocket since a year), cheap, U2F is an open standard.
0
Please add support for Yubikey!
0
Support for YubiKey would be great !
0
I’ll add a vote for Authy or Google Authenticator.
0
Authy + yubikey +1
0
Looking for FIDO U2F authentication standard
0
FIDO U2F
0
Two factor authentication needs to be enabled regardless of the number of upvotes. But I would like to request support for Google Authenticator
0
The sooner the better guys, that DDoS attack shows you are a major target. I would feel even more comfortable when you have Two Factor. I’m starting to switch all my accounts that have Two Factor over after getting my bank account hacked (they literally signed in from Nigeria) twice, which I believe was because of LastPass’s security failure.
0
yubikey OTP for sure
0
OTP Please :-)
0
Google authenticator please!
0
Yeah, two factor authentication is a great security feature to have. Please add it soon
0
People who suggest Google Authenticator are simply misinformed. You add no security if you log into your app with Google Authenticator as your 2 Factor because they are on the same phone. If you want to use TOTP then using the Yubikey Authenticator is an option. However this can not be enforced and is a horrible idea.
Hardware based Token over NFC are by far the best option for 2 Factor on Smartphone apps. Lastpass (Password Manager) supports this and it works fantastically. They use HOTP and the Yubicloud, a more modern approach would be to use U2F over NFC.
tl;dr: The most secure would definitely be U2F over NFC.
0
Please add two way authentication
0
I love this service already even though I haven’t used it yet, but not having two factor authentication would definitely be a big drawback for me.
0
Google Authenticator or Authy please
0
Yubikey is the way to go here.
The current setup (one password logs in, the other decrypts) does nothing to protect one token from the vulnerabilities of the other. For example, a keylogger could capture both passwords if they are typed.
Yubikey solves this problem.
However, it’s not true that Yubikey is “virtually unhackable” as someone claimed above. Have a look at the recently disclosed “LostPass” vulnerability. This is essentially a phishing attack in which a login screen that looks pixel-for-pixel identical to the real thing, asks the user for authentication. Password and Yubikey tokens are captured. The attacker then uses these to authenticate himself and gain entry to LastPass.
Nevertheless, Yubikey is far more secure than almost all other 2FA alternatives. For example, NFC Yubikey-enabled logins bypass the problem of logging in through a phone app when it’s the same phone that would receive Google Authenticator or Authy codes.
Finally, someone above said that Yubikey could not be enforced.
That’s true. But you can’t enforce people using sensible, long and complicated passwords. Or checking their computer for vulnerabilities, rootkits, viruses and a whole lot else besides.
You can’t force everyone to use 2FA, or Yubikey specifically. But that doesn’t mean it shouldn’t be an option. It should.
0
Still can’t Vote for this but YubiKey.
I can’t and won’t use ProtonMail as my default email provider unless it offers two-factor authentication.
0
” Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack. ”
Totally agree with these words. Thank you Duane Christensen.
It would be a great idea to implement Authy. We are working with them for years and have had 0 problems. Authy.com is a very good solution.
Regards
0
It would be nice to use google authenticator too. There’s no need to use mobile numbers and I don’t care if google knows my email (it anyway does).
0
I see that there are requests for many different forms of second factor authentication. I would appreciate the option to choose many, similar to Lastpass.
0
Please add it, this is a must! A keylogger on your computer and you are done..
0
Google authenticator.
0
Please enable two factor authentication with Yubikey.
Thanks
0
Two-factor implementation is imperative. Basing authentication on passwords is shown to be so weak as to use only the identification.
Passwords are dead.
No use having the entire system encrypted mail if you can access with a simple password.
People use weak passwords. And computers are far superior to these. Also social engineering.
A double factor based on something that you have, such as a mobile phone, is really simple for most people. There are many applications that generate a seed. SMS sending is not necessary.
It is also interesting to evaluate the direct use of the second factor as the only factor, because if this is used for recovery of the password, the password is not needed, except for the convenience of access only with password to an already verified and saved device.
In any case, today a service like this should implement double factor if it wants to be safe. Meanwhile, this is a serious failure for choosing this mail service as the main day-to-day one or for use where there is an actual need for privacy.
0
2FA all the way!
0
A must have for this type of email account
0
Two Factor Authentication is a MUST these days, these times … nowadays every serious company that desires to keep data and wants to keep its users safe has it, and it’s not a must because every company has it, but because PROTONMAIL without Two Factor Authentication is an incomplete solution! It has it all right, except this.
I hope we will see this implemented soon.
Thank you
0
Yubikey and Google authenticator would be great additions for 2FA.
0
This is critical feature for my team
0
DUO would be nice
0
DUO would be nice!
0
I vote for Google Authenticator.
0
google authenticator please!
0
I’d be happy with anything but yubikey support would definitely be my preference.
0
Yubikey for the best !
0
I do love the service Protonmail offers but as long as you guys can’t offer two factor authenticator, I will not use it as a primary e-mail service. Sadly!
0
Google Authenticator is a good idea
0
up vote
I use the FreeOTP Android app, which, I think, also works if Google Authenticator is supported.
0
Only reason I haven’t fully switched to ProtonMail yet is lack of 2FA .. everything else looks good. Would be a terrific addition
0
+1 – no upvote buttons here
0
Authy is a super 2FA solution that works just as well as google’s but isn’t owned by Google. Bottom line, 2FA is not a negotiable if proton mail wants to be a serious player in the secure privacy world.
0
I vote for Authy or LastPass Authenticator.
0
Please add support for Yubikey.
0
+1 for yubikey u2f or at least otp / time based otp
0
Please add it asap. No protection against keyloggers ….
0
Would also like to see this!
0
OTP Authenticator
Swiss SafeLab OTP Authenticator is a free strong one-time password app.
0
Google Authenticator would be great!
0
2FA using Authy with backup via phone / SMS for those of us that can’t have our phone or a Yubikey everywhere we are. Authy over Google Auth because Google Auth is a pain when you switch phones, etc. whereas Authy carries over regardless.
0
U2F Universal Two Factor Authentication would be great!
0
PLEASE add this! I request the 2fa apps
0
yes, 2fa please!
0
I’d like to vote for this too. Would be nice if it integrated with Duo for push.
0
Soon is not soon enough. Hurry up with the 2FA
0
Yes! ProtonMail definitely needs 2FA!
0
Yes!
0
Two-factor authentication is a must-have feature. Hopefully it will be implemented soon.
0
I vote for a U2F key including happlink and yubikey among possible hardware to have, associated with a good old long enough password for the knowledge factor.
0
Still no progress a year after 2FA was suggested a year ago?
The only thing stopping me paying for a premium account is the lack of U2F authentication.
0
Hi,
We are planning to implement 2FA by the end of the year. For more information please visit this link: https://protonmail.com/blog/secure-email-roadmap/
0
would love 2f auth
0
Please add 2FA as soon as possible. This is the one thing I need to switch over to protonmail 100%
0
FIDO U2F please
0
Two factor auth please
0
This has been on the road map for 2 years, when are you going to implement it?
0
We are planning on implementing 2FA this year: https://protonmail.com/blog/secure-email-roadmap/
0
yubikey 4 pls
0
yeah,
once yubikey 4 is supported, I will switch to premium account. hehehe
0
That’s great to hear. Hopefully you will choose FIDO U2F, it’s widely used already and the most convenient. Google Auth is not secure, neither is SMS verification.
0
Bump re 2FA authentication using industry standard like OpenID or Google OAuth 2.0
0
Authy, the Best option
0
There is no up vote button.
0
Can you please try clicking on the “Helpful” button?
0
I would appreciate 2FA for additional security. Following options should be offered (in order of importance). 1. mobile phone, 2. email, 3. Google OAuth 4. other solutions.
0
Please add ASAP.
A keystroke logger defeats ALL of (personal) security mechanisms. I have not migrated to PM because of this and only this.
Please add.
Also – cannot vote above
0
+1 for FIDO U2F
0
+1 for Authy or any 2fa
0
+1 2FA
Google Authenticator + U2F
0
I look forward to this feature being implemented.
0
Waiting for this feature.
0
Two factor authentication is a HUGE deal and a must have for a service. I feel this is protonmail’s biggest drawback by far, especially since almost every email service has this.
0
Also, I wasn’t able to upvote this article, but would have.
0
Also, please allow us to use FIDO U2F keys please.
0
Authy please!
0
Duo Security for 2Fa. Auth.
0
Hi, please enable 2FA, so I can do a complete switch from other email solution that provides the authentication (and pay for premium), without 2FA this is just a toy for now.
0
PLEASE hurry and enable 2FA. I don’t care if it’s Premium only for now, I just need the feature.
I use protonmail for my business and we are high-profile and have had numerous attacks in the past.
Yubikey support would be best, but I will settle for Google Authenticator. Just don’t require SMS or “questions and answers” as both are insecure.
0
It is great to see that ProtonMail will be adding 2FA to its security measures. Can you provide any insights as to which 2FA methods will be available?
0
We are still working on this, and exploring multiple options. More details will be available when we are ready to implement it.
0
Any update on this? Would gladly make a donation towards its implementation.
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
Is there any update on this?
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
I seem to be having incoming mail blocked…..also I get frequent “too many attempt to log in” messages when I am trying to log in. Can a third party block incoming mail? And do you have such a message at log-in? Thank you
0
Can you please contact us at contact@protonmail.com if you are still experiencing this issue?
0
The idea of protonmail is good. But protonmail is not a real alternative as long as 2FA is not supported.
0
We will be adding 2FA very soon. Thank you for your patience!
0
It’s been 1 year.
Yes the response from 1 day ago indicates it is still in the works, but for all us paid investors this is a huge pain point and quite simply unacceptable if ProtonMail wishes to be at the forefront of email security. YubiKey, Toopher, GoogleAuth, etc. needs to be implemented ASAP. It should be the top priority of any security conscious company.
If a hack occurs against ProtonMail due to not having this feature implemented, ProtonMail would likely see a large exodus in funding and accounts.
Love the service though and your customer service rocks! :)
0
+1 for YubiKey, Authy and/or Google Authenticator. Good to hear that 2FA is “coming soon” Support Team. :-)
0
i would like to upvote please !!!! can’t work out how to.
0
You can use the vote buttons, but only once. Once you have clicked on helpful/not helpful the button becomes inactive, and you can only click the other one to change your vote.
0
Cannot upvote. Need this feature.
0
I vote for Nitrokey
0
I also cannot upvote this issue. The “Helpful” button is not enabled for clicking, only the “Not Helpful” and I have NEVER clicked either. Please fix this. I also would vote in favor of Yubikey as an option but Authy would also be a good option, hopefully you would support multiple options.
0
Also voting for Authy/Yubikey. Would love to ditch my current email for protonmail, but 2FA is too critical for protection against key loggers to give up.
0
I’ll pay for an account once 2FA is implemented
0
Please Support Yubikey and Google Authenticator.
See more:
https://www.yubico.com
https://github.com/yubico
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
https://github.com/google/google-authenticator
best regards
0
I vote for Two Factor Authentication
0
Authy or an NFC/Yubikey thingie.
0
I will upgrade an account as soon as 2FA is implemented
0
Two Factor Authentication is an absolute must in 2016. I cannot take protonmail seriously without such a basic feature. Love the product in general and I am using it but not as my primary account until 2FA is enabled.
0
Bump. Needs 2FA
0
2FA, please. I use my Yubikey everyday with every account that supports it. Thanks.
0
I would make a deal with Threema!
0
2FA definitely – open source – no additional cost for the 2FA solution please – I am a paid member
0
2FA please! Authy would be great.
0
Yes I vote on this too! It is a must to have.
Hardware or software would be ok
0
TFA is a must and would be very well welcomed here!
Hardware or software.
Thanks
0
+1 for 2FA
0
I vote! Any type of it is must be
0
I cannot wait to see it coming. Had some strange behavior on my account looking at the authentication logs late August. 2FA would be very welcome!
0
Two factor authentication is mandatory today.
0
Given the security and privacy that is core to the Proton Mail mission, I’m surprised that two factor authentication wasn’t part of the MVP. Authy is an open source client that works on multiple platforms that could manage the client side work. Please consider this a bold double handed vote for 2 factor authentication. This article at Wired is four years old. The TL;DR is that the security flaws in Apple and Amazon’s process would have been mitigated had the author simply had 2 factor authentication implemented on his gmail account: https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
0
Please implement Trusona for MFA! They are leading the #NoPassword revolution.
0
+1
We need it please.
Thank you.
0
What is the deal, two years ago it was “integrate it into our login process soon.” ???!!!
This should be basic stuff for a security focused company….
0
We are working on this, and we want to make it as easy as possible for the users.
0
+1 Please add it, it’s necessary to have this in this kind of days :)
0
Please add 2FA. Why not?
0
We are working on adding this feature, but we do not have an exact date when it will be available.
0
Shocking it’s not implemented yet. Seems even those that don’t focus on security have this.
0
+1 Please add it.
It would be great for free users too – not just for paying! Think of how many new signups you’d have?
0
That’s a feature that should’ve been there from the get-go.
I don’t know how can one think of secure service without MFA.
Just implement TOTP, there are plenty of ready libraries.
0
Big +1; TOTP is the easiest and most convenient for the end-user.
0
Would love this feature ASAP. I’m even using Yubikey with my Gmail account.
0
As George said: I will upgrade an account as soon as 2FA is implemented
Protonmail without 2FA is only BETA/Demo for me.
Please send me an email as soon as 2FA has been implemented, and I will hit the ‘Upgrade’ button.
Thanks!
0
I have a suggestion for two factor authentication: maybe integrate the yubikey product.
0
Agreed. This security feature is a must have option for any security conscious service.
0
I’d like to vote to add this, too. U2F would be ideal.
0
I’m super confused. Does 2FA exist or not exist on ProtonMail? I opened my email account today and one of the emails was introducing me to 2FA and telling me how to enable it. But I don’t seem to have 2FA under the Security tab as the instructions tell me.
So can somebody confirm whether it really does exist or not? I use 2FA on everything possible.
0
You have to refresh to update to the latest version of ProtonMail.
0
Microsoft Authenticator is not supported??
0
If it is OTP, it should work.
0
Unfortunately, I don’t have a smartphone, I’m still using my old flip-phone, is it possible to use SMS for 2FA like Gmail does?
And can I use 2FA alongside the Mailbox password, making into 3FA?
Thanks!
0
You can use it with two password mode. We don’t support SMS, but you can install a 2FA app on your desktop.
0
This is a good step in the right direction, but OTP is less secure than U2F, which is what larger tech companies are beginning to use (at least for employees). Please do not neglect this important, open, and widely used and supported 2FA standard.
0
Thx for the 2FA that is added now.
For the record, Blackberry users can use Authomator (http://www.authomator.com/).
Available via Blackberry World (of course)
0
Great to see 2FA is implemented. For those who use a Blackberry, you can use Authomator for your 2FA code: https://appworld.blackberry.com/webstore/content/22517879/
0
Google Authenticator makes no sense against the privacy ProtonMail aims for
0
Google authenticator worked for me, but not FreeOTP….
0
You should send an sms with a code for people who do not want Internet on their phone.
0
Too dangerous because SMS can be easily intercepted.
0
You should send an sms for those who do not want Internet on their phone.
0
As Protonmail does not support yet Yubikey I use as 2nd Auth Factor Yubico Authenticator, that is the same as Google Auth but need the yubikey to generate codes.
The problem is that I use multiple keys, for example one in the desktop and another for mobile.
Additionally both keys work as a backup or alternative method in case of loss.
As far as I see Protonmail only allows one method for 2nd Factor Auth. Why not allowing more than one method?
0
We plan on supporting more 2FA methods in the future, but we do not have a timeline at the moment.
0
So if Protonmail supports OTP then it would support Yubikey right?
0
I think what would be REALLY NICE too, is a similar article for the other end of the process, which is “how to migrate 2FA to a new device (be it a phone or tablet)”. Good thing you provided those one-time use codes, or that would have been it. And I had to use two codes, one to log in, then one to deactivate 2FA. From there all was good to reactivate it. Now that it’s fresh in my head, I will probably remember… in two years. Yeah. Right. I’m 55 now, and memory recall is not what it used to be. I guess I’m writing that on paper, but my method may not be the most elegant… ;-)
0
https://thehackernews.com/2017/05/ss7-vulnerability-bank-hacking.html
0
Two factor authentication… not foolproof since… a while…
0
Hi! Can I use WinAuth ?
0
Any authenticator app that supports the OTP protocol can be used with ProtonMail.
0
My phone is damaged. How can I log in with the two-factor passcode? Please help me.
0
Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Yubi key or Google Auth.
0
Any updates on Yubikey/U2F support? U2F is now supported via W3C/WebAuthN in both Chrome and Firefox now. Edge promising support any day now. REALLY need this. OTP is not secure, it can be phished and man-in-the-middled in real-time just as easily as a long-lived password.
0
Are there plans to support Yubikey or is this the extent ProtonMail will support 2FA?
0
Please add support for Yubico/Yubikey for 2FA. It’s much more secure than using Phone 2FA! Also it’s the only way to compete with the new Gmail Advanced Protection plan.
0
LastPass Authenticator should be supported too!
0
Any authenticator that uses the OTP protocol should work with ProtonMail.
0
Also wishing for Yubikey/U2F
0
I have an old smartphone, Android 4.1 or something. It is not possible to update this anymore. Is it safe to use it for Two Factor Authentication? Or should I better buy a new phone for this purpose?
0
If your phone can run a 2FA app, it should be safe to use it for this purpose.
0
I want to use Evolution or Thunderbird clients, for that I will need to get a copy of my private key, but on the downloads I only see the public one.
Also could you explain how do you manage / handle my private key? how do you say you do not have access to my stuff if you have that key?
Regards
0
You can use ProtonMail with Thunderbird via the ProtonMail Bridge, which doesn’t require you to download your private key. Private key downloading is not supported yet.
You can read more about the Bridge app here: https://protonmail.com/bridge/.
0
Hello, I do only have a regular cellphone. Is it in future also possible to use to log in. Like with yahoo they send you an SMS with a code to log in
0
SMS verification may be considered in the future, but we cannot speculate on a timeline.
0
Is Yubico going to be implemented any time soon?
0
Authy doesn’t have ProtonMail on its list; I can’t generate a code….
0
If you need any assistance please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Yubikey. Not everyone has an electronic leash, or even lives in an area where such service is extant.
0
Please change authentication methods to include something for people not using smartphones, like text messages or some of the above like Yubikey, etc.
0
Please implement Yubikey FIDO U2F support for 2FA. It’s universally recognized as the most secure form of 2FA.
0
Is there any possibility, how to disable 2FA, when I lost my Google Authenticator code (through support or anything else)? I am inside mailbox, but when I tried to disable 2FA and put the recovery codes, the answer is incorrect login credentials.
0
Please contact our support team at contact@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.
0
I prefer Yandex Key. Please investigate how it works for logging into Yandex.Mail on the computer. Never having to input your password or a 2FA code at login is a beautiful thing (on a computer). Now, if everyone could get onboard with this, life would be grand!
0
Please don’t ever make this compulsory. I understand the benefits, but it entails a link to your real-world identity (the phone). I would stop using proton immediately, even though in every other respect, it is the best thing going.
Quite apart from the anonymity issue, how are users in countries with oppressive regimes going to explain having that app on their phone? Even in the US, with its saintly respect for human and other rights, they could ask why you have proton, and even demand access to the account. They may not be able to do it to citizens, but they can to anyone else.
0
+1 for FIDO U2F
0
Yubikey!
Many of these 2FA apps are problematic if you lose your phone (lose your phone = lose access to ProtonMail!) or feature cloud backup (= increasing your attack surface). It would be great if ProtonMail could implement hardware token support.
OTP: https://developers.yubico.com/OTP/
U2F: https://developers.yubico.com/U2F/
N.B.: I am a paid ProtonMail user, and a Yubikey user– I have no financial ties to yubico. I just want good security. :)
0
If I enable this for my mail account, will it also ask for the code when using the VPN (which is running on the same account)?
0
Only the ProtonVPN webpage will ask for your 2FA code, the ProtonVPN app will not ask you to enter the 2FA code.
0
Vote for Yubikey!
0
How is it 2018 and U2F such as with a yubikey is still not supported? Searching through other threads shows people have been asking for this for years, and with good reason.
In order for a user to bring their account’s TOTP security up to par with U2F, they need to make their authenticator itself (and its backups) only accessible via U2F which is an unwieldy process
0
How to disable 2FA if the primary 2FA device with Google Authenticator is lost?
0
Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
I avoid downloading apps. Downloading things opens the probability of getting malware. I completed the 2 step authentication process with another email today which utilizes text messages to the phone as the 2nd step. Why can’t proton mail utilize such a method instead of requiring an app?
0
There is much higher risk of a hack using SMS than an app. Rather, it would be nice to be able to use a physical token like YubiKey.
0
Another vote for yubikey
0
For security reasons. The “app” comes from Proton and is under control. Not the txt msg.
0
I don’t have a smartphone (just a simple flip phone), so I can’t set up two-factor authentication in ProtonMail the way it currently works. Why can’t ProtonMail handle two-factor authentication the way that other websites do, by sending a confirmation code to the phone number you type in?
0
We don’t support 2FA by SMS, but you can install a 2FA app on your computer.
0
SMS contains known critical security flaws. It is not legal to use this method in a secure email.
0
I am a new proton mail user. I forgot my username and password. Please advise me what to do. Also, I do not know what you mean by “recovery email”.
0
Please contact our support team at contact@protonmail.ch, support@protonmail.ch or using the support form at https://protonmail.com/support-form.
0
+1 for Yubikey :)
0
Though I’ve never used one, from my research and given the philosophical nature of protonmail’s security/’anonymity’ focus, I would say Yubikey! Doesn’t require the Identification that comes with a cell phone, which is good if, say, you have multiple protonmail accounts, and not all of them are meant to be linked to your public persona for whatever reasons (journalism, activism…) A device like Yubikey with OTP would be ideal as if I recall you can set it up to authorize multiple accounts with multiple protocols, so with one key, unlinked to your contact information you could secure all of your proton usage, etc. great for authenticating an account accessed over the TOR network where correlating anonymous web data flow with very much not anonymous mobile broadcast communications data.
0
Yubikey support would be great or just FIDO U2F
0
Voting for Yubikey and/or fido u2f standard
0
I have my mailbox with full mails encrypted, you do not give me solutions.
0
If you have reset your password, new encryption keys are generated while the previous ones are disabled. Because of this, your existing messages will become unreadable but you can restore them by providing the old password in the Settings > Keys tab on the web app. https://protonmail.com/support/knowledge-base/restoring-encrypted-mailbox/.
For further assistance, please contact our support team at contact@protonmail.ch, support@protonmail.ch or using the support form at https://protonmail.com/support-form.
0
Where is DUO push integration please? Let us know please
0
Any authenticator app with support for the OTP protocol can be used with ProtonMail.
0
No option to use one-time use recovery codes. How do I disable two-factor verification without this option?
0
You use the recovery codes instead of the code generated by the app to log in. Once you log in with a recovery code, you will need a second recovery code to disable 2FA.
If you need any assistance, please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Please, add the “remember device” feature for the 2FA… It’s really annoying to have to type every time the 2FA code on the same personal device :(
0
I too vote for this feature. I should be able to tell ProtonMail to trust my primary computer for 30 days or something like that, so I don’t have to enter my second factor every day.
0
Yubikey please. I’ve been using these for several years now and they are FIDO U2F.
0
I am using Lineage with F-Droid, I have not looked yet for 2FA, I just found this thread.
There are a lot of great ideas here.
Keep up the Awesome work PM.
0
Hi, the QR code is not showing up properly. I tried to enter the text into my authenticator manually but it fails every time. Not sure what is wrong with it.
0
Please contact our support team at contact@protonmail.ch, support@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.
0
YubiKey OTP, please. :c)
0
Add yet another vote for Yubikey.
0
+1 on Yubikey
0
I use Password Manager from MicroTrend, the ProtonMail app is supported with MicroTrend Password Manager. I recommend Password Manager for extra security.
0
+1 for SMS authentication, or ideally a 2-factor app with SMS as backup. Some of the commenters are concerned about security for SMS, but if you make it an opt-in feature then they can opt-out.
0
More +1 for Yubikey, superb solution, super secure, why doesn’t Protonmail support this?
0
Yu-bi-key! Yu-bi-key!
0
I would like to have authentication via ordinary text messages/SMS: these apps require WiFi or the use of cellphone data, and require an additional app. YubiKey would be good too.
0
I vote U2F
0
OK so two factor authentication is the way to go. However, what if your smartphone has been hacked/cloned and your two factor authentication is an app that generates a code (say google authenticator). If someone else has access to everything you are doing on your smartphone they presumably will be able to access the code you are provided? I believe the way to go is something like certain financial institutions use where they provide a key fob and you press a button and it illuminates and provides a code. It works similarly to google authenticator in that a new code is generated/changes every few seconds but it is not on a connected device which cannot be accessed/seen remotely. Also, protonmail when they adopt such a system should provide for a nonviewable entry box for that codes input thereby denying anyone who is still hacking viewing the smartphone/pc from seeing what is typed. Feedback appreciated. Thanks.
0
I vote for Yubikey OTP or U2F please
0
+1 on Yubikey
0
Two-factor authentication is actually more of a bug than a feature if the attacker has taken control of your cell phone through malicious software and/or SS7. (Which I now know from painful, hard-won experience on a Gmail account.)
Please, please consider adding Yubikey authentication which is not subject to that form of hacking and most importantly, not requiring any access to the phone at all.
0
I’d love Yubikey support :)
0
Is there any update on ProtonMail implementing/supporting YubiKey (by Yubico)? I appreciate there have been a number of updates above re no timeline but I’m hoping there may be an update at this stage? I appreciate the PM team have been working hard in a number of areas re security and features and whilst sympathetic to that I would really love to see Yubikey supported, it’s the only aspect of my online accounts (that I really care about) that does not currently support it.
0
I think this is amazing
0
I hope we can get yubikey working as well.
Thanks
0
That’s clear, no yubikey, no protonmail
0
Please add support for Yubikey!
0
Please yubikey
0
+1 Yubikey
0
HELLO PROTONMAIL !
ADD THE SUPPORT TO USE MORE THAN ONE TWO FACTOR AUTHENTICATION
I would like to use both Authy and my Yubico for the same account to log in. not a choice option between yubico or authy to log in.
What I’m using now:
Login Password – Authy – Mail Password
I would like to use:
Login Password – Yubico – Authy – Mail Password
0
I don’t know about “developed” countries, but in Russia usage of cellphones (SMS, apps) for 2FA is a security hole.
0
+1 for Yubikey
0
Support for hardware tokens seems like a good idea. U2F or FIDO2, e.g. If the team thinks this isn’t a good idea (vs just prioritizing development resources), would love to hear the reasons why not, as the info would likely be very informative.
0
Cannot log in with Apple Mojave OS? It rejects my password using Epic browser with VPN enabled.
JDT
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
Yubikey OTP or U2F please
0
Seriously, why is there still no support for U2F or FIDO2? As Parrq said – if there are reasons, we’d love to hear.
0
Is implementation of security key technology, like Yubico 5, in the plan for addressing phishing attacks, and improving account security?
Thank you,
0
Yes, U2F support will be available in the future.
0
+1 for Yubikey
0
QRCode leads to Error page…. on my Android mobile
0
Please contact our support team: https://protonmail.com/support-form.
0
I can’t log in to my account because my old phone stopped working. I have a new phone but I don’t know how to put back the 2FA authenticator.
0
Please contact our support team: https://protonmail.com/support-form.
0
Hello,
I enjoy your free version of Proton Mail.
Last week, I deleted most of my old emails, but still today it shows my use of 98%.
Why?
0
Make sure to clear out the Trash folder once you delete messages from the Inbox. Clear your Spam folder as well.
Be advised that messages deleted from Trash and Spam cannot be recovered.
0
Hardware tokens seem like a must, especially for a privacy/security focused email service. It would be really nice to see this in the near future. It looks like this has been asked for for nearly 4 years now.
0
We do plan on adding U2F support soon but can’t provide an ETA yet.
0
YubiKey is a MUST! Please make it happen.
0
Yes, hardware token Yubikey compatibility needed, 4 years is too long to wait. Please make it a priority.
0
We NEED support for Yubikey, please add it.
0
We need U2F support now.
0
+1 vote for Yubikey
0
I just ordered a U2F device today as someone sent me a ransomware email ((on hotmail – byebye 4ever hotmail)) with one of my oldschool passwords in the subject line. They said they keylogged my “device” through a Cisco router
0
+1 for Yubikey
0
I hope that you will consider ‘Yubikey’ as a future OTP. I can’t think of anything better. I can’t always get a sig. on my mobile, so a ‘key’ would be the answer, when using machines away from home. Please consider!
0
Another vote for Yubikey. Simple to use and not dependent on smartphone security.
0
I have started using 2-FA with Authy on my Android O.S. and I am very pleased with it as it is working well and being a free user who doesn’t even know if he requires that much extra security helps Me know I am safe not just think it if you feel me.
0
I would like to see Yubikey available too since using a Cell-Phone is very vulnerable not just to attacks/hackers but getting Lost etc. yet I somehow never lose those things. Yet the 2-FA which I use Authy with is working out great for Me as I don’t know if two passwords would make all that much of a difference, unless I were to have been constantly changing them which would be a huge pain in the butt.
0
I use Codebook by Zetetic, and have for about 8 years. Their addition of TOTP is what led me to transitioning to Proton. Yubi keys physically store things in secure locations at home should my mobile be lost or broken.
0
Can we have a two-factor authentication via SMS for dumbphones? Not everyone wants a smartphone.
0
Is it possible to add a computer/device to a ‘trusted devices’ list, on which 2FA is disabled until further notice? Or at least something like ‘Trust this device for the next 30 days’? This of course for the webmail.
0
Not right now, but we may support this in the future.
0
Another good Two-Factor Authentication App is Yandex Key, There is an App for it both in the Play Store and the Apple App Store but I don’t think there are any Software for it for Windows OS, Linux OS and Apple OS at the moment.
0
I always use Two-Factor Authentication/ Two Step Authentication on all my online accounts. The way I set up my Two-Factor Authentication/ Two Step Authentication Codes and my Backup/ Recovery Codes is perfect. I have two offline encrypted devices (One device which I carry with me and the other second device is hidden in a secure location which only I know which I use as a backup in case something happens to the first device.) Both my offline encrypted devices have two different encryption software on them which are protected by two different passwords which are protecting both my Two-Factor Authentication Codes/ Two Step Authentication Codes and my Backup/ Recovery Keys. Talk about Fort Knox Security.
XD
0
When you support Yubikey, then I’ll sign up.
0
Any consideration of a longer-term 2FA authentication on secure devices? I log in to PM regularly from a secure workstation (I believe ;) and it seems that allowing a 7-day 2FA auth (ie I only get asked once per week for my 2nd FA on that device, always get asked for 1st FA) would be sufficient. Obviously respect those who don’t want this, so it is an option not forced.
0
We don’t store info about devices you use to log in, so this is not possible at the moment.
0
Please add WebAuth (U2F) support, I am having issues having most of the friends on Tutanota because of this cryptical security issue.
Thank you!
0
Yubikey when? We’re in mid-2019 already, other than that I love the service but yeah it’s a must.
0
The sooner the better for U2F, please.
0
Every time I have to pull my phone out to read my email I think of this thread. Where is the Yubikey support already?! IT’S BEEN YEARS! This looks like it would take at most a few hours to set up.
0
Absolutely must have 2fa or mfa these days, and hopefully we will see the back of passwords soon.
0
Hi Protonmail ! can you please add Yubikey as an optional security feature, pretty please !!
0
Tutanota already has Yubikey support and a Calendar. At the beginning of 2019, they did not have both (or at least the Calendar, I am not sure about the Yubikey support). Why are you developing the email service slower than Tutanota? Is it because of the more rigorous software testing process? Or because you do not have enough human resources to develop and maintain both email and VPN services? Or something else? ProtonMail is five times more expensive than Tutanota, and the only significant difference is the country where servers are located. I became a paid user of ProtonMail half a year ago. Since then Tutanota has released an email client for Linux. They have the Tutanota Android app in the F-Droid market, etc. I did not observe major new features in ProtonMail within this half a year except the implementation of a new encryption algorithm. The ProtonMail Bridge for Linux is tough to install and update. It seems that there are no plans to improve it, at least its installation on Linux systems.
I know that you are planning to release a Calendar soon, and I am ready to wait for it. But why don’t you add Yubikey support? Many, many security-focused software services incorporated the Yubikey into their source code, why not you? Do ProtonMail, and Yubico dislike each other? Or ProtonMail plans to release ProtonKey in the unforeseeable future and does not want to implement the support for a product of its potential competitor?
0
Please see: https://www.reddit.com/r/ProtonMail/comments/cdm4cs/yubikey_status_update/etwmo6l/
0
+1 for Yubikey support
0
yubikey please
0
Is it possible to add 1Password as a 2FA generator?
0
As long as you can scan the QR code or enter the code manually, you can use any 2FA app which supports time-based OTP codes.
0
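What "time-based OTP" in the reply above comes down to, as an added example that is not ProtonMail's code: a sketch of RFC 6238 code generation and server-side checking from a manually typed key. The HMAC-SHA1, 30-second step and six-digit defaults are assumptions (the common authenticator settings, not stated on this page), and the key is the published RFC 6238 test secret, not a real account key.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test secret, typed the way a user might
# copy a manual-entry key (lower case, grouped with spaces).
SAMPLE_KEY_AS_TYPED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_key(entered: str) -> bytes:
    """Normalise a manually entered base32 key before decoding.

    Spaces, dashes, lower case and missing '=' padding are the usual reasons
    a hand-typed key is rejected or yields codes that never match.
    """
    cleaned = entered.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC the 8-byte counter, then dynamically truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of elapsed time steps."""
    now = time.time() if at is None else at
    return hotp(key, int(now) // step, digits)


def verify(key: bytes, submitted: str, at=None, step: int = 30,
           window: int = 1) -> bool:
    """Accept codes from `window` steps either side to absorb clock drift.

    Every candidate is compared in constant time, and the loop does not
    exit early on a match.
    """
    now = time.time() if at is None else at
    current = int(now) // step
    matched = False
    for drift in range(-window, window + 1):
        if current + drift < 0:
            continue
        candidate = hotp(key, current + drift).encode()
        matched |= hmac.compare_digest(candidate, submitted.encode())
    return matched


if __name__ == "__main__":
    key = decode_key(SAMPLE_KEY_AS_TYPED)
    print("code now:", totp(key))
    print("RFC vector at t=59:", totp(key, at=59))
```

Any app that implements these two RFCs with the same parameters produces the same digits from the same key, which is why the choice of authenticator does not matter; a wrong device clock or a mistyped key shows up as codes that never verify.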
+1 for FIDO2 / yubikey
0
Bundle AutoCrypt into the platform for interoperability and PFS
0
another vote for yubikey AND the new fido/u2f 2.0 NOT requiring chromium (way less costly tokens)
authy can suck my left toe
0
Please add yubikey support!
We want hardware 2factor support.
0
+1 for FIDO2 / yubikey
0
FIDO2 please!
I don’t have an android or ios device, would still like two factor auth through hardware support.
0
u2f/FIDO2/Webauthn
It’s unfathomable that you don’t already support Webauthn. I can’t conceive of a legitimate reason why.
0
You should include an option for landline phones/non-smartphones to deliver a 2FA code via voice for those in rural areas with unreliable or no available signal, those with disabilities making use of text/smartphones difficult or impossible and those that intentionally do not own or carry smartphone devices due to ethical/mental health/security-related personal reasons. Also in the US, many poor people use “Obamaphones” which can often be lost or disconnected and only have limited data service which can lock some out for up to three weeks until the phone renews on the 1st of every month.
0
How do I disable 2FA? I did not receive the one-time recovery code, what do I do?
0
Recovery codes are provided during 2FA set up. If you don’t have the code, please contact our support team: https://protonmail.com/support-form.
0
please no app, no mobile phone, only self-supplied question/answer which can quickly and easily be changed
0
I vote for FIDO2 support. I don’t want to use a smartphone anymore.
0
I would much love to be able to use my Yubikey rather than my phone.
0
I have a 2FA made in Authy and have no access to it. Can you help me with this? I really am frustrated.. I need to access my protonmail account because there are important stuffs that I need to open.. :(
0
Please contact our support team: https://protonmail.com/support-form.
0
+1 for FIDO2 / yubikey
0
+1000 for Fido2
0
I use Authy and they don’t have any Email Support. I got problems when I had to get a New Cell-Phone and Sim Card. I was forced to Recover my Authy Account but when I did the Back-Ups didn’t work meaning I still had the “Authy Account” intact with all the things I was using to access my Account but it wouldn’t work for some reason on my New Cell-Phone and or Sim Card so who knows what the problem is.
That’s the only problem with using Authy. I am kind of screwed without any Email Support from them and all I can do is now use Authy without my Account Backed-Up on it. I got to make sure the Codes I was given in case I lose Access to my Device that I Wrote down by hand don’t get lost.
0
+1 for token-based U2F
0
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal/
https://www.wired.com/2016/06/even-ftcs-lead-technologist-can-get-hacked/
When a mobile phone is hacked 2FA (two factor authentication) fails, any OTP (one time password) or TAC (transaction authorisation code) are received by the hacker who can then withdraw money from a credit card, bank account or debit card.
That’s why I’m against 2FA that uses a phone.
0
ProtonMail cannot protect against a compromised device, regardless of 2FA being activated or not.
https://protonmail.com/blog/protonmail-threat-model/
0
PLEASE WITH YUBIKEY!!!!!!
0
+1 for Yubikey
0
Please add Yubikey
0
Another thumbs-down for using a mobile phone (similar to P.W.F above). I do not have one and cannot use one for medical reasons. I am not alone. Also phones break, run out of battery, get lost or stolen, there are areas where there is no reception (but a fibre/ADSL internet may be available)…….
Use of a fixed landline is not great either – what if you are away from your landline travelling etc.?
I’m not familiar with most of the above suggestions involving technology so I can’t suggest an alternative………
0
Hi, can I use my fingerprint touch identification instead of typing the password?
0
Hi,
You can add a PIN/Biometric lock to the app in the Settings and stay logged in. The app will then require you to use your fingerprint or PIN to open.
0