Two-factor authentication (2FA) is an additional layer of security for your ProtonMail account. With 2FA enabled, you will be prompted to enter a 6-digit code when you log in to your account. This 6-digit code will be generated by an app installed on your mobile phone.
This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.
To use 2FA, you must first install an authenticator app on your mobile phone and have access to your phone while logging in to your account. There are many authenticator apps to choose from. Below are a few options.
iOS and iPadOS
Setting up two-factor authentication in ProtonMail
1. Log in to mail.protonmail.com and go to Settings → Account → Password & recovery → Passwords and enable Two-factor authentication. This will bring up an information panel. Click Next when you’re ready to start.
2. You will now see a QR code. Open the authenticator app on your mobile device, select the option to scan a QR code, and point your device’s camera at it. Note: do not scan the demo image shown below. Scan the image shown in your account settings.
You can also enter the 2FA key into your authenticator app manually if you prefer.
Once your ProtonMail account has been successfully added to your authenticator app, click Next.
3. Enter your ProtonMail account password and the 6-figure time-sensitive code provided by your authenticator app. Click Submit when you’re done.
4. ProtonMail will now provide you with several one-time-use recovery codes. Please save these codes in a secure place and do not lose them.
If you ever misplace or lose your authentication device (mobile phone, etc.), these codes provide the only way to log in to your account. If you ever lose your second-factor device, you can enter these codes instead of the 6-digit code provided by your authenticator app. Each code can only be used once, so save all the codes.
Please note that resetting your ProtonMail password will automatically disable 2FA. In this case, you will need to manually enable it again by going to your Settings → Account → Password & recovery → Passwords → Two-factor authentication.
How to authenticate from multiple devices
If you wish to receive your 6-digit authentication codes on multiple devices — for example, your phone and your tablet — you must have an authentication app installed on each device. Then:
1. If you have already enabled two-factor authentication, you will need to disable it.
2. Go to Settings → Account → Password & recovery → Passwords → Two-factor authentication and scan the QR code using the authenticator app on each device. You can also take a screenshot of the QR code and save it for later to scan with your other devices.
Alternatively, you can enter the 2FA key into the authenticator app on each device manually.
If you encounter any problems, please see our support article "Two-factor authentication (2FA) is not working".
Two password mode (legacy users)
ProtonMail now uses One Password Mode by default, but some early adopters may still be using our legacy Two Password Mode authentication system. We can combine Two Password Mode with 2FA, but some users may find entering a Login password, 2FA code, and Mailbox password too cumbersome.
In this case, we recommend switching to One Password Mode with 2FA enabled.