2 Factor Authentication (2FA) adds an additional layer of security to your ProtonMail account by adding an additional verification to the login process to protect your account. Currently, ProtonMail supports the OTP protocol, so accounts with 2FA enabled will be prompted to enter a 6-digit code upon logging in. This 6-digit code will be generated by an app that is installed on your mobile phone.
This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.
In order to use 2FA you must have access to a second device with an authenticator application installed, through which you will receive verification codes to authenticate your login. Below you will find some different Authenticator application options. You must install one of these apps first on your mobile phone before you can use 2FA.
Android
iOS
Setting up Two Factor Authentication in ProtonMail
1. Visit the Security tab within the Settings of your account. This can only be done through the web version of ProtonMail found at mail.protonmail.com
2. Select Enable Two-Factor Authentication
3. Open the authenticator app you have chosen on your mobile device and select the option to scan a QR code, or manually enter the authentication key. To scan the code, point your devices camera at the QR code seen in the setting of your ProtonMail account. (Note: the image below is a demo, do not scan it. Scan the image shown in your account.)
4. You will see the following modal that requires you to enter the Login password of your account, along with the two-factor passcode which you will see in the authenticator application you are using.
5. ProtonMail will also provide you with several one-time use recovery codes. Please save these codes in a secure place and do NOT lose them. If you ever misplace or lose your authentication device (mobile phone, etc) these codes will be the only way to log into your account. If you ever lose your second factor device, you can enter these codes instead of the 6-digit authenticator code. Note, each code can only be used once, and they must be used in the listed order, so please save all the codes.
Optional: Switch to Single Password Mode (for Legacy users)
As of version 3.6.0, ProtonMail has switched to supporting a single password mode and this is the new default mode for newly created accounts. The single password mode combines the legacy Login and Mailbox password into a single password without compromising security or privacy. Existing users have the option to stay in two password mode, or switch to single password mode. For users that find having to enter a Login Password, 2FA code, and Mailbox password to access email too cumbersome, we recommend switching to Single Password mode to reduce the number of password prompts by one.
Vote links are missing here.
0
Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack.
0
YubiKey, OTP (one-time passwords) or similar support would be great besides the general useranme-password. How about username-password to login and YubiKey to Decrypt the messages.
0
Second vote for YubiKey. Too often I’m in a country where I don’t have access to my home country cell phone.
0
I vote for Google Authenticator.
0
Authy (Authy is better than Google Authenticator)
and/or YubiKey
0
I have already ascribed votes to this feature in the suggestion/ideas section.
Please also allow for back-up phones.
0
Yubikey in OTP mode (I use already static mode for protonmail).
0
Toopher!!!
0
I vote for yubikey and/or fido u2f standard
0
Prefer the classic “Secret question and answer”. It respects privacy.
0
Would like to see two factor authentication but without a cell phone. A cell phone ties a real identity to the account. Security questions can be guessed if enough time is spent following an individual.
I suppose, though, two factor wouldn’t be required if no one knew the email existed.
0
You guys are aware that there isn’t an option to “log in to vote” anywhere in your support system?
And no option to click anything to agree that this particular one is a good idea.
0
Yubikey in OTP mode!
0
YubiKey/OTP please!
0
I think two factor authentication is mandatory in our modern world of IT vulnerabilities and malware/botnet infestations.
YubiKey would be awesome.
ProtonMail would easily be the most secure email service on the planet with 2 factor authentication.
But now, end users are a keylogged-connection away from having their emails compromised, which is unfortunate. (These days, I honestly believe that two-factor authentication for one’s primary email account is absolutely mandatory, you’d have to be crazy not to have it).
Just one guy’s $.02.
0
Make it universal!
My Vote, U2F
0
Looking for FIDO U2F authentication standard to be implemented for the protonmail service.
0
2-factor auth should come after username/password login, but BEFORE decrypting. I don’t want attackers getting my private key, even in encrypted form.
0
I agree — two factor authentication is mandatory. Please offer it soon.
0
Absolutely – FIDO U2F please. Yubikeys sound like the way to go too. Esp their NEOs
0
up vote
without this feature protonmail would be insecure
0
Yubikey, already supported by default in Google Chrome, simple to use, robust (I am carrying one in my pocket since a year), cheap, U2F is an open standard.
0
Please add support for Yubikey!
0
Support for YubiKey would be great !
0
I’ll add a vote for Authy or Google Authenticator.
0
Authy + yubikey +1
0
Looking for FIDO U2F authentication standard
0
FIDO U2F
0
Two factor authentication needs to be enabled regardless of the number of upvotes. But I would like to request support for Google Authenticator
0
The sooner the better guys, that DDoS attack shows you are a major target. I would feel even more comfortable when you have Two Factor. I’m starting to switch all my accounts that have Two Factor over after getting my bank account hacked (they literally signed in from Nigeria) twice, which I believe was because of LastPass’s security failure.
0
yubikey OTP for sure
0
OTP Please 🙂
0
Google authenticator please!
0
Yeah, two factor authentication is a great security feature to have. Please add it soon
0
People who suggest Google Authenticator are simply misinformed. You add no security if you log into your app with Google Authenticator as your 2 Factor because they are on the same phone. If you want to use TOTP then using the Yubikey Authenticator is an option. However this can not be enforced and is a horrible idea.
Hardware based Token over NFC are by far the best option for 2 Factor on Smartphone apps. Lastpass (Password Manager) support this and it works fantastically. They use HOTP and the Yubicloud, a more modern approche would be to use U2F over NFC.
tl;dr: The most secure would definitely be U2F over NFC.
0
Please add two way authentication
0
I love this service already even though I haven’t used it yet, but not having two factor authentication would definitely be a big drawback for me.
0
Google Authenticator or Authy please
0
Yubikey is the way to go here.
The current setup (one password logs in, the other decrypts) does nothing to protect one token from the vulnerabilities of the other. For example, a keylogger could capture both passwords if they are typed.
Yubikey solves this problem.
However, it’s not true that Yubikey is “virtually unhackable” as someone claimed above. Have a look at the recently disclosed “LostPass” vulnerability. This is essentially a phishing attack in which a login screen that looks pixel-for-pixel identical to the real thing, asks the user for authentication. Password and Yubikey tokens are captured. The attacker then uses these to authenticate himself and gain entry to LastPass.
Nevertheless, Yubikey is far more secure than almost all other 2FA alternatives. For example, NFC Yubikey-enabled logins bypass the problem of logging in through a phone app when its the same phone that would receive Google Authenticator or Authy codes.
Finally, someone above said that Yubikey could not be enforced.
That’s true. But you can’t enforce people using sensible, long and complicated passwords. Or checking their computer for vulnerabilities, rootkits, viruses and a whole lot else besides.
You can’t force everyone to use 2FA, or Yubikey specifically. But that doesn’t mean it shouldn’t be an option. It should.
0
Still can’t Vote for this but YubiKey.
I can’t and won’t use ProtonMail as my default email provider unless it offers two-factor authentication.
0
” Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack. ”
Totally agree with these words. Thank you Duane Christensen.
It would be a great idea to implement Authy. We are working with them for years and have had 0 problems. Authy.com is a very good solution.
Regards
0
It would be nice to use google authenticator too. There’s no need to use mobile numbers and I don’t care if google knows my email (it anyway does).
0
I see that there are requests for many different forms of second factor authentication. I would appreciate the option to choose many, similar to Lastpass.
0
Please add it, this is a must! A keylogger on your computer and you are done..
0
Google authenticator.
0
Please enable two factor authentication with Ubikey.
Thanks
0
Two-factor implementation is imperative. Basing authentication in passwords is shown to be so weak as to use only the identification.
Passwords are dead.
No use having the entire system encrypted mail if you can access with a simple password.
People use weak password. And the computers is far superior to these. Also social engineering.
A double factor based on something that you have, as a mobile phone, for most people is really simple. There are many applications that generate a seed. SMS sending is not necessary.
It is also interesting to evaluate the direct use of the second factor as the only factor, because if this is used for recovery of the password, the password is not need, except for the convenience of access only with password to an already verified and saved device.
In any case, today a service like this should implement double factor if want to be safe. Meanwhile, this is serious failure for choose this service of mail as the main day to day or for use in actual need for privacy.
0
2FA all the way!
0
A must have for this type of email account
0
Two Factor Authentication is a MUST this days, this times … nowadays every serious company that desire to keeps data and wants to keep their users safely have it, and it’s not a must because every companies have it, but because PROTONMAIL without Two Factor Authentication it’s a incomplete solution! It has it all right, except this.
I hope we will see soon this implemented .
Thank you
0
Yubikey and Google authenticator would be great additions for 2FA.
0
This is critical feature for my team
0
DUO woult be nice
0
DUO would be nice!
0
I vote for Google Authenticator.
0
google authenticator please!
0
I’d be happy with anything but yubikey support would definitely be my preference.
0
Yubikey for the best !
0
I do love the service Protonmail offer but as long you guys can’t offer two factor authenticator, i will not use it as a primary e-mailservice. Sadly!
0
Google Authenticator é boa ideia
0
up vote
I use the FreeOTP Android app, which, I think, also works if Google Authenticator is supported.
0
Only reason I haven’t fully switched to ProtonMail yet is lack of 2FA .. everything else looks good. Would be a terrific addition
0
+1 – no upvote buttons here
0
Authy is a super 2FA solution that works just as well as google’s but isn’t owned by Google. Bottom line, 2FA is not a negotiable if proton mail wants to be a serious player in the secure privacy world.
0
I vote for Authy or LastPass Authenticator.
0
Please add support for Yubikey.
0
+1 for yubikey u2f or at least otp / time based otp
0
Please add it asap. No protection against keyloggers ….
0
Would also like to see this!
0
OTP Authenticator
Swiss SafeLab OTP Authenticator is a free strong one-time password app.
0
Google Authenticator would be great!
0
2FA using Authy with backup via phone / SMS for those of us that can’t have our phone or a Ubikey everywhere we are. Authy over Google Auth because Google Auth is a pain when you switch phones, etc. whereas Authy carries over regardless.
0
U2F Universal Two Facto Authentication would be great!
0
PLEASE add this! I request the 2fa apps
0
yes, 2fa please!
0
I’d like to vote for this too. Would be nice if it integrated with Duo for push.
0
Soon is not soon enough. Hurry up with the 2FA
0
Yes! ProtonMail definitely needs 2FA!
0
Yes!
0
Two-factor authentication is a must-have feature. Hopefully it will be implemented soon.
0
I vote for an U2F key including happlink and yukikey among possibles hardware to have, associated with a good old long enough password for the knowledge factor.
0
Still no progress a year after 2FA was suggested a year ago?
The only thing stopping me paying for a premium account is the lack of U2F authentication.
0
would love 2f auth
0
Please add 2FA as soon as possible. This is the one thing I need to switch over to protonmail 100%
0
Hi,
We are planning to implement 2FA by the end of the year. For more information please visit this link: https://protonmail.com/blog/secure-email-roadmap/
0
FIDO U2F please
0
Two factor auth please
0
This has been on the road map for 2 years, when are you going to implement it?
0
yubikey 4 pls
0
We are planning on implementing 2FA this year: https://protonmail.com/blog/secure-email-roadmap/
0
yeah,
once yubikey 4 is supported, i will switch to premium account. hehehe
0
That’s great to hear. Hopefully you will choose FIDO U2F, it’s widely used already and the most convenient. Google Auth is not secure, neither is SMS verification.
0
Bump re 2FA authentication using industry standard like OpenID or Google OAuth 2.0
0
Authy, the Best option
0
there is no up vote botton.
0
I would appreciate 2FA for additional security. Following options should be offered (in order of importance). 1. mobile phone, 2. email, 3. Google OAuth 4. other solutions.
0
Can you please try clicking on the “Helpful” button?
0
Please add ASAP.
A keystroke logger defeats ALL of (personal) security mechanisms. I have not migrated to PM because of this and only this.
Please add.
Also – cannot vote above
0
+1 for FIDO U2F
0
+1 for Authy or any 2fa
0
+1 2FA
Google Authenticator + U2F
0
I look forward to this feature being implemented.
0
Waiting for this feature.
0
Two factor authentication is a HUGE deal and a must have for a service. I feel this is protonmail’s biggest drawback by far, especially since almost every email service has this.
0
Also, I wasn’t able to upvote this article, but would have.
0
Also, please allow us to use FIDO U2F keys please.
0
Authy please!
0
Duo Security for 2Fa. Auth.
0
Hi, please enable 2FA, so I can do a complete switch from other email solution that provides the authentication (and pay for premium), without 2FA this is just a toy for now.
0
PLEASE hurry an enable 2FA. I don’t care if it’s Premium only for now, I just need the feature.
I use protonmail for my business and we are high-profile and have numerous attacks in the past.
Yubikey supprt would be best, but I will settle for Google Authenticator. Just don’t require SMS or “questions and answers” as both are insecure.
0
It’s is great to see that ProtonMail will be adding 2FA to its security measures. Can you provide any insights at to which 2FA methods will be available?
0
Any update on this? Would gladly make a donation towards its implementation.
0
Is there any update on this?
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
We are still working on this, and exploring multiple options. More details will be available when we are ready to implement it.
0
I seem to be having incoming mail blocked…..also I get frequent “too many attempt to log in” messages when I am trying to log in. Can a third party block incoming mail? And do you have such a message at log-in? Thank you
0
The idea of protomail is good. But protonmail is not a real alternative as long as 2FA is not supported.
0
It’s been 1 year.
Yes the response from 1 day ago indicates it is still in the works, but for all us paid investors this is a huge pain point and quite simply unacceptable if ProtonMail wishes to be at the forefront of email security. YubiKey, Toopher, GoogleAuth, etc. needs to be implemented ASAP. It should be the top priority of any security conscious company.
If a hack occurs against ProtonMail due to not having this feature implemented, ProtonMail would likely see a large exodus in funding and accounts.
Love the service though and your customer service rocks! 🙂
0
We will be adding 2FA very soon. Thank you for your patience!
0
Can you please contact us at contact@protonmail.com if you are still experiencing this issue?
0
+1 for YubiKey, Authy and/or Google Authenticator. Good to hear that 2FA is “coming soon” Support Team. 🙂
0
i would like to upvote please !!!! can’t work out how to.
0
Cannot upvote. Need this feature.
0
You can use the vote buttons, but only once. Once you have clicked on helpful/not helpful the button becomes inactive, and you can only click the other one to change your vote.
0
I vote for Nitrokey
0
I also cannot upvote this issue. The “Helpful” button is not enabled for clicking, only the “Not Helpful” and I have NEVER clicked either. Please fix this. I also would vote in favor of Yubikey as an option but Authy would also be a good option, hopefully you would support multiple options.
0
Also voting for Authy/Yubikey. Would love to ditch my current email for protonmail, but 2FA is too critical for protection against key loggers to give up.
0
I’ll pay for an account once 2FA is implemented
0
Please Support Yubikey and Google Authenticator.
See more:
https://www.yubico.com
https://github.com/yubico
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
https://github.com/google/google-authenticator
best regards
0
I vote for Two Factor Authentication
0
Authy or an NFC/Yubikey thingie.
0
I will upgrade an account as soon 2FA is implemented
0
Two Factor Authentication is an absolute must in 2016. I cannot take protonmail seriously without such a basic feature. Love the product in general and I am using it but not as my primary account until 2FA is enabled.
0
Bump. Needs 2FA
0
2FA, please. I use my Yubikey everyday with every account that supports it. Thanks.
0
I would make a deal with Threema!
0
2FA definitely – open source – no additional cost for the 2FA solution please – I am a paid member
0
2FA please! Authy would be great.
0
Yes I vote on this too! It is a must to have.
Hardwareccccccfnitukehei or software would be ok
0
TFA is a must and would be very well welcomed here!
Hardware or software.
Thanks
0
+1 for 2FA
0
I vote! Any type of it is must be
0
I cannot wait to see it coming. Had some strange behavior on my account looking at the authentication logs late August. 2FA would be very welcome!
0
Two factor authentication is mandatory today.
0
Given the security and privacy that is core to the Proton Mail mission, I’m surprised that two factor authentication wasn’t part of the MVP. Authy is an open source client that works on multiple platforms that could manage the client side work. Please consider this a bold double handed vote for 2 factor authentication. This article at Wired is four years old. The TL;DR is that the security flaws in Apple and Amazon’s process would have been mitigated had the author simply had 2 factor authentication implemented on his gmail account: https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
0
Please implement Trusona for MFA! They are leading the #NoPassword revolution.
0
+1
We need it please.
Thank you.
0
What is the deal, two years ago it was “integrate it into our login process soon.” ???!!!
This should be basic stuff for a security focused company….
0
+1 Please add it, it’s necessary to have this in this kind of days 🙂
0
Please add 2FA. Why not?
0
We are working on this, and we want to make it as easy as possible for the users.
0
We are working on adding this feature, but we do not have an exact date when it will be available.
0
Shocking it’s not implemented yet. Seems even those that don’t focus on security have this.
0
+1 Please add it.
It would be great for free users too – not just for paying! Think of how many new signups you’d have?
0
That’s a feature that should’ve been there from the get-go.
I don’t know how can one think of secure service without MFA.
Just implement TOTP, there are plenty of ready libraries.
0
Big +1; TOTP is the easiest and most convenient for the end-user.
0
Would love this feature ASAP. I’m even using Yubikey with my Gmail account.
0
As George said: I will upgrade an account as soon 2FA is implemented
Protonmail without 2FA is only BETA/Demo for me.
Please send me an email as soon as 2FA has been implemented, and I will hit the ‘Upgrade’ button.
Thanks!
0
i have a suggestion for two factor authentication maybe integrate the yubikey product.
0
Agreed. This security feature is a must have option for any security conscious service.
0
I’d like to vote to add this, too. U2F would be ideal.
0
I’m super confused. Does 2FA exist or not exist on ProtonMail? I opened my email account today and one of the emails was introducing me to 2FA and telling me how to enable it. But I don’t seem to have 2FA under the Security tab as the instructions tell me.
So can somebody confirm whether it really does exist or not? I use 2FA on everything possible.
0
Microsoft Authenticator is not supported??
0
Unfortunately, I don’t have a smartphone, I’m still using my old flip-phone, is it possible to use SMS for 2FA like Gmail does?
And can I use 2FA alongside the Mailbox password, making into 3FA?
Thanks!
0
This is a good step in the right direction, but OTP is less secure than U2F, which is what larger tech companies are beginning use (at least for employees). Please do not neglect this important, open, and widely used and supported 2FA standard.
0
Thx for the 2FA that is added now.
For the record, Blackberry users can use Authomator (http://www.authomator.com/).
Available via Blackberry World (off course)
0
Great to see 2FA is implemented. For those who use a Blackberry, you can use Authomator for your 2FA code: https://appworld.blackberry.com/webstore/content/22517879/
0
Google authenticator make no sense against The privacy Protonmail aim to
0
Google authenticator worked for me, but not FreeOTP….
0
You should send an sms with a code for people who do not want Internet on their phone.
0
You should send an sms for those who do not want Internet on their phone.
0
Too dangerous because SMS can be easily intercepted.
0
You can use it with two password mode. We don’t support SMS, but you can install a 2FA app on your desktop.
0
If it is OTP, it should work.
0
You have to refresh to update to the latest version of ProtonMail.
0