2 Factor Authentication (2FA) adds an additional layer of security to your ProtonMail account by adding an additional verification to the login process to protect your account. Currently, ProtonMail supports the OTP protocol, so accounts with 2FA enabled will be prompted to enter a 6-digit code upon logging in. This 6-digit code will be generated by an app that is installed on your mobile phone.
This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.
In order to use 2FA you must have access to a second device with an authenticator application installed, through which you will receive verification codes to authenticate your login. Below you will find some different Authenticator application options. You must install one of these apps first on your mobile phone before you can use 2FA.
Android
iOS
Setting up Two Factor Authentication in ProtonMail
1. Visit the Security tab within the Settings of your account. This can only be done through the web version of ProtonMail found at mail.protonmail.com
2. Select Enable Two-Factor Authentication
3. Open the authenticator app you have chosen on your mobile device and select the option to scan a QR code, or manually enter the authentication key. To scan the code, point your devices camera at the QR code seen in the setting of your ProtonMail account. (Note: the image below is a demo, do not scan it. Scan the image shown in your account.)
4. You will see the following modal that requires you to enter the Login password of your account, along with the two-factor passcode which you will see in the authenticator application you are using.
5. ProtonMail will also provide you with several one-time use recovery codes. Please save these codes in a secure place and do NOT lose them. If you ever misplace or lose your authentication device (mobile phone, etc) these codes will be the only way to log into your account. If you ever lose your second factor device, you can enter these codes instead of the 6-digit authenticator code. Note, each code can only be used once, and they must be used in the listed order, so please save all the codes.
How to authenticate from multiple devices
If you wish to receive you six-digit authentication codes on multiple devices — say, your phone and your tablet — you must have an authentication app installed on each device. Then follow the steps below:
- If you have already enabled two-factor authentication you will need to disable it.
- Then navigate to Settings -> Security and click on “Enable two-factor authentication”.
- Scan the QR code using the authenticator app on each device. You can also make a screenshot of the QR code and save it for later to scan with your other devices.
Or, instead of scanning the QR code, the other option is to click on the “Enter key manually instead” button.
You will be provided with a key that you will need to enter manually in the 2FA app.
For example, below are some screenshots showing how to enter the key manually using Google Authenticator:
If the 2FA is not working, please check the following article for the most common 2FA login problems.
Optional: Switch to Single Password Mode (for Legacy users)
As of version 3.6.0, ProtonMail has switched to supporting a single password mode and this is the new default mode for newly created accounts. The single password mode combines the legacy Login and Mailbox password into a single password without compromising security or privacy. Existing users have the option to stay in two password mode, or switch to single password mode. For users that find having to enter a Login Password, 2FA code, and Mailbox password to access email too cumbersome, we recommend switching to Single Password mode to reduce the number of password prompts by one.
Vote links are missing here.
0
Mobile VPN not working with WiFi strong signal?
0
Please contact ProtonVPN support at https://protonvpn.com/support-form.
0
Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack.
0
YubiKey, OTP (one-time passwords) or similar support would be great besides the general useranme-password. How about username-password to login and YubiKey to Decrypt the messages.
0
A vote for Yubikey.
It would be great it ProtonMail could implement hardware token support.
OTP: https://developers.yubico.com/OTP/
U2F: https://developers.yubico.com/U2F/
0
+1 vote for FIDO 2FA Authentication (Yubikey is one FIDO 2FA USB implementation)
-> https://fidoalliance.org
0
Second vote for YubiKey. Too often I’m in a country where I don’t have access to my home country cell phone.
0
I vote for Google Authenticator.
0
Authy (Authy is better than Google Authenticator)
and/or YubiKey
0
I have already ascribed votes to this feature in the suggestion/ideas section.
Please also allow for back-up phones.
0
Yubikey in OTP mode (I use already static mode for protonmail).
0
Toopher!!!
0
I vote for yubikey and/or fido u2f standard
0
Prefer the classic “Secret question and answer”. It respects privacy.
0
me too. I am not that savvy with computers, and this would work for me.
0
That would be better than downloading an app. 🙂
0
Would like to see two factor authentication but without a cell phone. A cell phone ties a real identity to the account. Security questions can be guessed if enough time is spent following an individual.
I suppose, though, two factor wouldn’t be required if no one knew the email existed.
0
I would prefer to have two factor without a cell phone as well. Not everyone can afford a cell phone, home phone and internet as well. I really like to have the secret questions and answers and preferably the choice to create your OWN questions and answers, not the standard ones.
0
You guys are aware that there isn’t an option to “log in to vote” anywhere in your support system?
And no option to click anything to agree that this particular one is a good idea.
0
Yubikey in OTP mode!
0
YubiKey/OTP please!
0
I think two factor authentication is mandatory in our modern world of IT vulnerabilities and malware/botnet infestations.
YubiKey would be awesome.
ProtonMail would easily be the most secure email service on the planet with 2 factor authentication.
But now, end users are a keylogged-connection away from having their emails compromised, which is unfortunate. (These days, I honestly believe that two-factor authentication for one’s primary email account is absolutely mandatory, you’d have to be crazy not to have it).
Just one guy’s $.02.
0
Make it universal!
My Vote, U2F
0
Looking for FIDO U2F authentication standard to be implemented for the protonmail service.
0
2-factor auth should come after username/password login, but BEFORE decrypting. I don’t want attackers getting my private key, even in encrypted form.
0
I agree — two factor authentication is mandatory. Please offer it soon.
0
Absolutely – FIDO U2F please. Yubikeys sound like the way to go too. Esp their NEOs
0
up vote
without this feature protonmail would be insecure
0
Yubikey, already supported by default in Google Chrome, simple to use, robust (I am carrying one in my pocket since a year), cheap, U2F is an open standard.
0
Please add support for Yubikey!
0
Support for YubiKey would be great !
0
I’ll add a vote for Authy or Google Authenticator.
0
Authy + yubikey +1
0
Looking for FIDO U2F authentication standard
0
FIDO U2F
0
Two factor authentication needs to be enabled regardless of the number of upvotes. But I would like to request support for Google Authenticator
0
The sooner the better guys, that DDoS attack shows you are a major target. I would feel even more comfortable when you have Two Factor. I’m starting to switch all my accounts that have Two Factor over after getting my bank account hacked (they literally signed in from Nigeria) twice, which I believe was because of LastPass’s security failure.
0
yubikey OTP for sure
0
OTP Please 🙂
0
Google authenticator please!
0
Yeah, two factor authentication is a great security feature to have. Please add it soon
0
People who suggest Google Authenticator are simply misinformed. You add no security if you log into your app with Google Authenticator as your 2 Factor because they are on the same phone. If you want to use TOTP then using the Yubikey Authenticator is an option. However this can not be enforced and is a horrible idea.
Hardware based Token over NFC are by far the best option for 2 Factor on Smartphone apps. Lastpass (Password Manager) support this and it works fantastically. They use HOTP and the Yubicloud, a more modern approche would be to use U2F over NFC.
tl;dr: The most secure would definitely be U2F over NFC.
0
Please add two way authentication
0
I love this service already even though I haven’t used it yet, but not having two factor authentication would definitely be a big drawback for me.
0
Google Authenticator or Authy please
0
Yubikey is the way to go here.
The current setup (one password logs in, the other decrypts) does nothing to protect one token from the vulnerabilities of the other. For example, a keylogger could capture both passwords if they are typed.
Yubikey solves this problem.
However, it’s not true that Yubikey is “virtually unhackable” as someone claimed above. Have a look at the recently disclosed “LostPass” vulnerability. This is essentially a phishing attack in which a login screen that looks pixel-for-pixel identical to the real thing, asks the user for authentication. Password and Yubikey tokens are captured. The attacker then uses these to authenticate himself and gain entry to LastPass.
Nevertheless, Yubikey is far more secure than almost all other 2FA alternatives. For example, NFC Yubikey-enabled logins bypass the problem of logging in through a phone app when its the same phone that would receive Google Authenticator or Authy codes.
Finally, someone above said that Yubikey could not be enforced.
That’s true. But you can’t enforce people using sensible, long and complicated passwords. Or checking their computer for vulnerabilities, rootkits, viruses and a whole lot else besides.
You can’t force everyone to use 2FA, or Yubikey specifically. But that doesn’t mean it shouldn’t be an option. It should.
0
Still can’t Vote for this but YubiKey.
I can’t and won’t use ProtonMail as my default email provider unless it offers two-factor authentication.
0
” Would vote for the option of two-factor authentication, assuming a correct interpretation of what differing factors of authentication are. There are currently three main “factors” to consider; what you know (username and password), what you are (biometrics) and what you have (cell phone, dongle, etc.). Personally I prefer a combo of what I know and what I have. A simple multi-digit code sent to my cell at the moment of login attempt as an addition to my username and password is the easiest to implement and virtually makes it impossible to hack. ”
Totally agree with these words. Thank you Duane Christensen.
It would be a great idea to implement Authy. We are working with them for years and have had 0 problems. Authy.com is a very good solution.
Regards
0
It would be nice to use google authenticator too. There’s no need to use mobile numbers and I don’t care if google knows my email (it anyway does).
0
I see that there are requests for many different forms of second factor authentication. I would appreciate the option to choose many, similar to Lastpass.
0
Please add it, this is a must! A keylogger on your computer and you are done..
0
Google authenticator.
0
Please enable two factor authentication with Ubikey.
Thanks
0
Two-factor implementation is imperative. Basing authentication in passwords is shown to be so weak as to use only the identification.
Passwords are dead.
No use having the entire system encrypted mail if you can access with a simple password.
People use weak password. And the computers is far superior to these. Also social engineering.
A double factor based on something that you have, as a mobile phone, for most people is really simple. There are many applications that generate a seed. SMS sending is not necessary.
It is also interesting to evaluate the direct use of the second factor as the only factor, because if this is used for recovery of the password, the password is not need, except for the convenience of access only with password to an already verified and saved device.
In any case, today a service like this should implement double factor if want to be safe. Meanwhile, this is serious failure for choose this service of mail as the main day to day or for use in actual need for privacy.
0
2FA all the way!
0
A must have for this type of email account
0
Two Factor Authentication is a MUST this days, this times … nowadays every serious company that desire to keeps data and wants to keep their users safely have it, and it’s not a must because every companies have it, but because PROTONMAIL without Two Factor Authentication it’s a incomplete solution! It has it all right, except this.
I hope we will see soon this implemented .
Thank you
0
Yubikey and Google authenticator would be great additions for 2FA.
0
This is critical feature for my team
0
DUO woult be nice
0
DUO would be nice!
0
I vote for Google Authenticator.
0
google authenticator please!
0
I’d be happy with anything but yubikey support would definitely be my preference.
0
Yubikey for the best !
0
I do love the service Protonmail offer but as long you guys can’t offer two factor authenticator, i will not use it as a primary e-mailservice. Sadly!
0
Google Authenticator é boa ideia
0
up vote
I use the FreeOTP Android app, which, I think, also works if Google Authenticator is supported.
0
Only reason I haven’t fully switched to ProtonMail yet is lack of 2FA .. everything else looks good. Would be a terrific addition
0
+1 – no upvote buttons here
0
Authy is a super 2FA solution that works just as well as google’s but isn’t owned by Google. Bottom line, 2FA is not a negotiable if proton mail wants to be a serious player in the secure privacy world.
0
I vote for Authy or LastPass Authenticator.
0
Please add support for Yubikey.
0
+1 for yubikey u2f or at least otp / time based otp
0
Please add it asap. No protection against keyloggers ….
0
Would also like to see this!
0
OTP Authenticator
Swiss SafeLab OTP Authenticator is a free strong one-time password app.
0
Google Authenticator would be great!
0
2FA using Authy with backup via phone / SMS for those of us that can’t have our phone or a Ubikey everywhere we are. Authy over Google Auth because Google Auth is a pain when you switch phones, etc. whereas Authy carries over regardless.
0
U2F Universal Two Facto Authentication would be great!
0
PLEASE add this! I request the 2fa apps
0
yes, 2fa please!
0
I’d like to vote for this too. Would be nice if it integrated with Duo for push.
0
Soon is not soon enough. Hurry up with the 2FA
0
Yes! ProtonMail definitely needs 2FA!
0
Yes!
0
Two-factor authentication is a must-have feature. Hopefully it will be implemented soon.
0
I vote for an U2F key including happlink and yukikey among possibles hardware to have, associated with a good old long enough password for the knowledge factor.
0
Still no progress a year after 2FA was suggested a year ago?
The only thing stopping me paying for a premium account is the lack of U2F authentication.
0
Hi,
We are planning to implement 2FA by the end of the year. For more information please visit this link: https://protonmail.com/blog/secure-email-roadmap/
0
would love 2f auth
0
Please add 2FA as soon as possible. This is the one thing I need to switch over to protonmail 100%
0
FIDO U2F please
0
Two factor auth please
0
This has been on the road map for 2 years, when are you going to implement it?
0
We are planning on implementing 2FA this year: https://protonmail.com/blog/secure-email-roadmap/
0
yubikey 4 pls
0
yeah,
once yubikey 4 is supported, i will switch to premium account. hehehe
0
That’s great to hear. Hopefully you will choose FIDO U2F, it’s widely used already and the most convenient. Google Auth is not secure, neither is SMS verification.
0
Bump re 2FA authentication using industry standard like OpenID or Google OAuth 2.0
0
Authy, the Best option
0
there is no up vote botton.
0
Can you please try clicking on the “Helpful” button?
0
I would appreciate 2FA for additional security. Following options should be offered (in order of importance). 1. mobile phone, 2. email, 3. Google OAuth 4. other solutions.
0
Please add ASAP.
A keystroke logger defeats ALL of (personal) security mechanisms. I have not migrated to PM because of this and only this.
Please add.
Also – cannot vote above
0
+1 for FIDO U2F
0
+1 for Authy or any 2fa
0
+1 2FA
Google Authenticator + U2F
0
I look forward to this feature being implemented.
0
Waiting for this feature.
0
Two factor authentication is a HUGE deal and a must have for a service. I feel this is protonmail’s biggest drawback by far, especially since almost every email service has this.
0
Also, I wasn’t able to upvote this article, but would have.
0
Also, please allow us to use FIDO U2F keys please.
0
Authy please!
0
Duo Security for 2Fa. Auth.
0
Hi, please enable 2FA, so I can do a complete switch from other email solution that provides the authentication (and pay for premium), without 2FA this is just a toy for now.
0
PLEASE hurry an enable 2FA. I don’t care if it’s Premium only for now, I just need the feature.
I use protonmail for my business and we are high-profile and have numerous attacks in the past.
Yubikey supprt would be best, but I will settle for Google Authenticator. Just don’t require SMS or “questions and answers” as both are insecure.
0
It’s is great to see that ProtonMail will be adding 2FA to its security measures. Can you provide any insights at to which 2FA methods will be available?
0
We are still working on this, and exploring multiple options. More details will be available when we are ready to implement it.
0
Any update on this? Would gladly make a donation towards its implementation.
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
Is there any update on this?
0
We are working on this, and it should be available in the future, but we don’t have an exact date.
0
I seem to be having incoming mail blocked…..also I get frequent “too many attempt to log in” messages when I am trying to log in. Can a third party block incoming mail? And do you have such a message at log-in? Thank you
0
Can you please contact us at contact@protonmail.com if you are still experiencing this issue?
0
The idea of protomail is good. But protonmail is not a real alternative as long as 2FA is not supported.
0
We will be adding 2FA very soon. Thank you for your patience!
0
It’s been 1 year.
Yes the response from 1 day ago indicates it is still in the works, but for all us paid investors this is a huge pain point and quite simply unacceptable if ProtonMail wishes to be at the forefront of email security. YubiKey, Toopher, GoogleAuth, etc. needs to be implemented ASAP. It should be the top priority of any security conscious company.
If a hack occurs against ProtonMail due to not having this feature implemented, ProtonMail would likely see a large exodus in funding and accounts.
Love the service though and your customer service rocks! 🙂
0
+1 for YubiKey, Authy and/or Google Authenticator. Good to hear that 2FA is “coming soon” Support Team. 🙂
0
i would like to upvote please !!!! can’t work out how to.
0
You can use the vote buttons, but only once. Once you have clicked on helpful/not helpful the button becomes inactive, and you can only click the other one to change your vote.
0
Cannot upvote. Need this feature.
0
I vote for Nitrokey
0
I also cannot upvote this issue. The “Helpful” button is not enabled for clicking, only the “Not Helpful” and I have NEVER clicked either. Please fix this. I also would vote in favor of Yubikey as an option but Authy would also be a good option, hopefully you would support multiple options.
0
Also voting for Authy/Yubikey. Would love to ditch my current email for protonmail, but 2FA is too critical for protection against key loggers to give up.
0
I’ll pay for an account once 2FA is implemented
0
Please Support Yubikey and Google Authenticator.
See more:
https://www.yubico.com
https://github.com/yubico
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
https://github.com/google/google-authenticator
best regards
0
I vote for Two Factor Authentication
0
Authy or an NFC/Yubikey thingie.
0
I will upgrade an account as soon 2FA is implemented
0
Two Factor Authentication is an absolute must in 2016. I cannot take protonmail seriously without such a basic feature. Love the product in general and I am using it but not as my primary account until 2FA is enabled.
0
Bump. Needs 2FA
0
2FA, please. I use my Yubikey everyday with every account that supports it. Thanks.
0
I would make a deal with Threema!
0
2FA definitely – open source – no additional cost for the 2FA solution please – I am a paid member
0
2FA please! Authy would be great.
0
Yes I vote on this too! It is a must to have.
Hardwareccccccfnitukehei or software would be ok
0
TFA is a must and would be very well welcomed here!
Hardware or software.
Thanks
0
+1 for 2FA
0
I vote! Any type of it is must be
0
I cannot wait to see it coming. Had some strange behavior on my account looking at the authentication logs late August. 2FA would be very welcome!
0
Two factor authentication is mandatory today.
0
Given the security and privacy that is core to the Proton Mail mission, I’m surprised that two factor authentication wasn’t part of the MVP. Authy is an open source client that works on multiple platforms that could manage the client side work. Please consider this a bold double handed vote for 2 factor authentication. This article at Wired is four years old. The TL;DR is that the security flaws in Apple and Amazon’s process would have been mitigated had the author simply had 2 factor authentication implemented on his gmail account: https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
0
Please implement Trusona for MFA! They are leading the #NoPassword revolution.
0
+1
We need it please.
Thank you.
0
What is the deal, two years ago it was “integrate it into our login process soon.” ???!!!
This should be basic stuff for a security focused company….
0
We are working on this, and we want to make it as easy as possible for the users.
0
+1 Please add it, it’s necessary to have this in this kind of days 🙂
0
Please add 2FA. Why not?
0
We are working on adding this feature, but we do not have an exact date when it will be available.
0
Shocking it’s not implemented yet. Seems even those that don’t focus on security have this.
0
+1 Please add it.
It would be great for free users too – not just for paying! Think of how many new signups you’d have?
0
That’s a feature that should’ve been there from the get-go.
I don’t know how can one think of secure service without MFA.
Just implement TOTP, there are plenty of ready libraries.
0
Big +1; TOTP is the easiest and most convenient for the end-user.
0
Would love this feature ASAP. I’m even using Yubikey with my Gmail account.
0
As George said: I will upgrade an account as soon 2FA is implemented
Protonmail without 2FA is only BETA/Demo for me.
Please send me an email as soon as 2FA has been implemented, and I will hit the ‘Upgrade’ button.
Thanks!
0
i have a suggestion for two factor authentication maybe integrate the yubikey product.
0
Agreed. This security feature is a must have option for any security conscious service.
0
I’d like to vote to add this, too. U2F would be ideal.
0
I’m super confused. Does 2FA exist or not exist on ProtonMail? I opened my email account today and one of the emails was introducing me to 2FA and telling me how to enable it. But I don’t seem to have 2FA under the Security tab as the instructions tell me.
So can somebody confirm whether it really does exist or not? I use 2FA on everything possible.
0
You have to refresh to update to the latest version of ProtonMail.
0
Microsoft Authenticator is not supported??
0
If it is OTP, it should work.
0
Unfortunately, I don’t have a smartphone, I’m still using my old flip-phone, is it possible to use SMS for 2FA like Gmail does?
And can I use 2FA alongside the Mailbox password, making into 3FA?
Thanks!
0
You can use it with two password mode. We don’t support SMS, but you can install a 2FA app on your desktop.
0
This is a good step in the right direction, but OTP is less secure than U2F, which is what larger tech companies are beginning use (at least for employees). Please do not neglect this important, open, and widely used and supported 2FA standard.
0
Thx for the 2FA that is added now.
For the record, Blackberry users can use Authomator (http://www.authomator.com/).
Available via Blackberry World (off course)
0
Great to see 2FA is implemented. For those who use a Blackberry, you can use Authomator for your 2FA code: https://appworld.blackberry.com/webstore/content/22517879/
0
Google authenticator make no sense against The privacy Protonmail aim to
0
Google authenticator worked for me, but not FreeOTP….
0
You should send an sms with a code for people who do not want Internet on their phone.
0
Too dangerous because SMS can be easily intercepted.
0
You should send an sms for those who do not want Internet on their phone.
0
As Protonmail does not support yet Yubikey I use as 2nd Auth Factor Yubico Authenticator, that is the same as Google Auth but need the yubikey to generate codes.
The problem is that I use multiple keys, for example one in the desktop and another for mobile.
Aditionally both keys work as a backup or altenative method in case of loss.
As far as I see Protonmail only allows one method for 2nd Factor Auth. Why not allowing more than one method?
0
We plan on supporting more 2FA methods in the future, but we do not have a timeline at the moment.
0
So if Protonmail supports OTP then it would support Yubikey right?
0
I think what would be REALLY NICE too, is a similar article for the other end of the process, which is “how to migrate 2FA to a new device (be it a phone or tablet)”. Good thing you provided those one-time use codes, or that would have been it. And I had to use two codes, one to log in, then one to deactivate 2FA. From there all was good to reactivate it. Now that it’s fresh in my head, I will probably remember… in two years. Yeah. Right. I’m 55 now, and memory recall is not what it used to be. I guess I’m writing that on paper, but my method may not be the most elegant… 😉
0
https://thehackernews.com/2017/05/ss7-vulnerability-bank-hacking.html
0
Too factor authentication… not full proof since… a while…
0
Hi! Can I use WinAuth ?
0
Any authenticator app that supports the OTP protocol can be used with ProtonMail.
0
my phone damaged. how can i login with two factor pass code ? please help me
0
Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Yubi key or Google Auth.
0
Any updates on Yubikey/U2F support? U2F is now supported via W3C/WebAuthN in both Chrome and Firefox now. Edge promising support any day now. REALLY need this. OTP is not secure, it can be phished and man-in-it-the-middled in real-time just as easily as a long-lived password.
0
Are there plans to suppurt Yubikey or is this the extent ProtonMail will support 2FA?
0
Please add support for Yubico/Yubikey for 2FA. Its much more secure than using Phone 2FA! Also its the only way to compete with the new Gmail Advanced Protection plan.
0
LastPass Authenticator should be supported too!
0
Any authenticator that uses the OTP protocol should work with ProtonMail.
0
Also wishing for Yubikey/U2F
0
I have an old smartphone, Android 4.1 or something. It is not possible to update this anymore. Is it safe to use it for Two Factor Authentification? Or should I better buy a new phone for this purpose?
0
If your phone can run a 2FA app, it should be safe to use it for this purpose.
0
I want to use Evolution or Thunderbird clients, for that I will need to get a copy of my private key, but on the downloads I only see the public one.
Also could you explain how do you manage / handle my private key? how do you say you do not have access to my stuff if you have that key?
Regards
0
You can use ProtonMail with Thunderbird via the ProtonMail Bridge, which doesn’t require you to download your private key. Private key downloading is nor supported yet.
You can read more about the Bridge app here: https://protonmail.com/bridge/.
0
Hello, I do only have a regular cellphone. Is it in future also possible to use to log in. Like with yahoo they send you an SMS with a code to log in
0
SMS verification may be considered in the future, but we cannot speculate on a timeline.
0
Is Yubico going to be implemented any time soon?
0
Authy dont have ProtonMail on list i cant genere code….
0
If you need any assistance please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Yubikey. Not everyone has an electronic leash, or even lives in an area where such service is extant.
0
Plz change authentication methodes to include something for people not using smart phones like text message or some of the obove like ubykey ect
0
Please implement Yubikey FIDO U2F support for 2FA. It’s universally recognized as the most secure form of 2FA.
0
Is there any possibility, how to disable 2FA, when i lost my Google Authenticator code (trough support or anything else)? I am inside mailbox, but when i tried to disable 2FA and put the recovery codes, the answer is incorrect login credentials.
0
Please contact our support team at contact@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.
0
I prefer Yandex Key. Please investigate how it works for logging into Yandex.Mail on the computer. Never having to input your password or a 2FA code at login is a beautiful thing (on a computer). Now, if everyone could get onboard with this, life would be grand!
0
Please don’t ever make this compulsory. I understand the benefits, but it entails a link to your real-world identity (the phone). I would stop using proton immediately, even though in every other respect, it is the best thing going.
Quite apart from the anonymity issue, how are users in countries with oppressive regimes going to explain having that app on their phone? Even in the US, with its saintly respect for human and other rights, they could ask why you have proton, and even demand access to the account. They may not be able to do it to citizens, but they can to anyone else.
0
+1 for FIDO U2F
0
Yubikey!
Many of these 2FA apps are problematic if you lose your phone (lose your phone = lose access to ProtonMail!) or feature cloud backup (= increasing your attack surface). It would be great it ProtonMail could implement hardware token support.
OTP: https://developers.yubico.com/OTP/
U2F: https://developers.yubico.com/U2F/
N.B.: I am a paid ProtonMail user, and a Yubikey user– I have no financial ties to yubico. I just want good security. 🙂
0
If I enable this for my mail account, will it also ask for the code when using the VPN (which is running on the same account)?
0
Only the ProtonVPN webpage will ask for your 2FA code, the ProtonVPN app will not ask you to enter the 2FA code.
0
Vote for Yubikey!
0
How is it 2018 and U2F such as with a yubikey is still not supported? Searching through other threads shows people have been asking for this for years, and with good reason.
In order for a user to bring their account’s TOTP security up to par with U2F, they need to make their authenticator itself (and its backups) only accessible via U2F which is an unwieldy process
0
how to disable 2FA if the primary @FA device with Google Authenticator is lost?
0
Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
I avoid downloading apps. Downloading things opens the probability of getting malware. I completed the 2 step authentification process with another email today which utilizes text messages to the phone as the 2nd step. Why can’t proton mail utilize such a method instead of requiring an app?
0
There is much higher risk of a hack using SMS than an app. Rather, it would be nice to be able to use a physical token like YubiKey.
0
Another vote for yubikey
0
for security reason. The “app” comes from Proton and is under control. Not the txt msg.
0
I don’t have a smartphone (just a simple flip phone), so I can’t set up two-factor authentication in ProtonMail the way it currently works. Why can’t ProtonMail handle two-factor authentication the way that other websites do, by sending a confirmation code to the phone number you type in?
0
We don’t support 2FA by SMS, but you can install a 2FA app on your computer.
0
Sms contains known critical security flaws. It is not legal to use this method in a secure email.
0
I am a new proton mail user. I forgot my username and password. Please advise me what to do. Also, I do not know what you mean by “recovery email”.
0
Please contact our support team at contact@protonmail.ch, support@protonmail.ch or using the support form at https://protonmail.com/support-form.
0
+1 for Yubikey 🙂
0
Though I ‘ve never used one, from my research and given the philosophical nature of protonmail’s security/’anonymity’ focus, I would say Yubikey! Doesn’t require the Identification that comes with a cell phone, which is good if, say, you have multiple protonmail accounts, and not all of them are meant to be linked to your public persona for whatever reasons (journalism, activisim…) A device like Yubikey with OTP would be ideal as if I recall you can set it up to authorize multiple accounts with multiple protocols, so with one key, unlinked to your contact information you could secure all of your proton usage, etc. great for authenticating an account accessed over the TOR network where correlating anoynmous web data flow with very much not anonymous mobile broadcast communications data.
0
Yubikey support would be great or just FIDO U2F
0
Voting for Yubikey and/or fido u2f standard
0
i have my mailbox with full mails encripted you not give me solutions
0
If you have reset your password, new encryption keys are generated while the previous ones are disabled. Because of this, your existing messages will become unreadable but you can restore them by providing the old password in the Settings > Keys tab on the web app. https://protonmail.com/support/knowledge-base/restoring-encrypted-mailbox/.
For further assistance, please contact our support team at contact@protonmail.ch, support@protonmail.ch or using the support form at https://protonmail.com/support-form.
0
Where is DUO push integration please? Let us know please
0
Any authenticator app with support for the OTP protocol can be used with ProtonMail.
0
No option to use one-time use recovery codes. How do I disable two-factor verification without this option?
0
You use the recovery codes instead of the code generated by the app to log in. Once you log in with a recovery code, you will need a second recovery code to disable 2FA.
If you need any assistance, please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.
0
Please, add the “remember device” feature for the 2FA… It’s really annoying to have to type every time the 2FA code on the same personal device 🙁
0
I too vote for this feature. I should be able to tell ProtonMail to trust my primary computer for 30 days or something like that, so I don’t have to enter my second factor every day.
0
Yubikey please. I’ve been using these for several years now and they are FIDO U2F.
0
I am using Lineage with F-Droid, I have not looked yet for 2FA, I just found this thread.
There are a lot of great ideas here.
Keep up the Awesome work PM.
0
Hi, the QR code is not showing up properly. I tried to enter the text into my authenticator manually but it fails every time. Not sure what is wrong with it.
0
Please contact our support team at contact@protonmail.ch, support@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.
0
YubiKey OTP, please. :c)
0
Add yet another vote for Yubikey.
0
+1 on Yubikey
0
I use Password Manager from MicroTrend, the ProtonMail app is supported with MicroTrend Password Manager. I recommend Password Manager for extra security.
0
+1 for SMS authentication, or ideally a 2-factor app with SMS as backup. Some of the commenters are concerned about security for SMS, but if you make it an opt-in feature then they can opt-out.
0
more + 1 for yubikey, superb solution, super secure, why don’t Protonmail support this?
0
Yu-bi-key! Yu-bi-key!
0
I would like to have authentication via ordinary text messages/SMS: these apps require WiFi or the use of cellphone data, and requires an additional app. YubiKey would be good too.
0
I vote U2F
0
OK so two factor authentication is the way to go. However, what if your smartphone has been hacked/cloned and your two factor authentication is an app that generates a code (say google authenticator). If someone else has access to everything you are doing on your smartphone they presumably will be able to access the code you are provided? I believe the way to go is something like certain financial institutions use where they provide a key fob and you press a button and it illuminates and provides a code. It works similarly to google authenticator in that a new code is generated/changes every few seconds but it is not on a connected device which cannot be accessed/seen remotely. Also, protonmail when they adopt such a system should provide for a nonviewable entry box for that codes input thereby denying anyone who is still hacking viewing the smartphone/pc from seeing what is typed. Feedback appreciated. Thanks.
0
I vote for Yubikey OTP or U2F please
0
+1 on Yubikey
0
Two-factor authentication is actually more of a bug than a feature if the attacker has taken control of your cell phone through malicious software and/or SS7. (Which I now know from painful, hard-won experience on a Gmail account.)
Please, please consider adding Yubikey authentication which is not subject to that form of hacking and most importantly, not requiring any access to the phone at all.
0
I’d love Yubikey support 🙂
0
Is there any update on ProtonMail implementing/supporting YubiKey (by yubico)? i appreciate there have been a number of updates above re no timeline but i’m hoping there may be an update at this stage? I appreciate PM team have been working hard in a number of areas re security and features and whilst sympathetic to that i would really love to see yubikey supported its the only aspect of my online accounts (That i really care about) that does not currently support it.
0
I think this is amazing
0
I hope we can get yubikey working as well.
Thanks
0
That’s clear, no yubikey, no protonmail
0
Please add support for Yubikey!
0
Please yubikey
0
+1 Yubikey
0
HELLO PROTONMAIL !
ADD THE SUPPORT TO USE MORE THAN ONE TWO FACTOR AUTHENTICATION
I would like to use both Authy and my Yubico for the same account to log in. not a choice option between yubico or authy to log in.
What I’m using now:
Login Password – Authy – Mail Password
I would like to use:
Login Password – Yubico – Authy – Mail Password
0
I don’t know about “developed” countries, but in Russia usage of cellphones (SMS, apps) for 2FA is a security hole.
0
+1 for Yubikey
0
Support for hardware tokens seems like a good idea. U2F or FIDO2, e.g. If the team thinks this isn’t a good idea (vs just prioritizing development resources), would love to hear the reasons why not, as the info would likely be very informative.
0