Two-factor authentication (2FA) adds an additional layer of security to your ProtonMail account by adding a second verification step to the login process. Currently, ProtonMail supports the OTP protocol, so accounts with 2FA enabled will be prompted to enter a 6-digit code upon logging in. This 6-digit code is generated by an app installed on your mobile phone.
This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.
To use 2FA you must have access to a second device with an authenticator application installed, which generates the verification codes used to authenticate your login. Below you will find some different authenticator application options. You must install one of these apps on your mobile phone before you can use 2FA.
Setting up Two Factor Authentication in ProtonMail
1. Visit the Security tab within the Settings of your account. This can only be done through the web version of ProtonMail found at mail.protonmail.com.
2. Select Enable Two-Factor Authentication
3. Open the authenticator app you have chosen on your mobile device and select the option to scan a QR code, or manually enter the authentication key. To scan the code, point your device's camera at the QR code shown in the settings of your ProtonMail account. (Note: the image below is a demo, do not scan it. Scan the image shown in your account.)
4. You will see the following modal that requires you to enter the Login password of your account, along with the two-factor passcode which you will see in the authenticator application you are using.
5. ProtonMail will also provide you with several one-time use recovery codes. Please save these codes in a secure place and do NOT lose them. If you ever misplace or lose your authentication device (mobile phone, etc.), these codes will be the only way to log into your account: you can enter one of them instead of the 6-digit authenticator code. Note: each code can only be used once, and they must be used in the listed order, so please save all the codes.
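How the 6-digit code and the recovery codes from the steps above fit together, as an added example that is not ProtonMail's code. It assumes the OTP is the time-based variant (RFC 6238: HMAC-SHA1, 30-second step) used by common authenticator apps; the SecondFactor class, its one-window clock drift allowance, and the sample key and recovery codes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(key_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for the time window containing unix_time."""
    key_b32 = key_b32.replace(" ", "").upper()
    key_b32 += "=" * (-len(key_b32) % 8)          # restore stripped base32 padding
    key = base64.b32decode(key_b32)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical server-side check: authenticator code first, then recovery code."""

    def __init__(self, key_b32, recovery_codes):
        self.key_b32 = key_b32
        self.recovery = list(recovery_codes)      # kept in the listed order
        self.last_counter = -1                    # highest time window already accepted

    def verify(self, submitted, unix_time, step=30, drift=1):
        now = unix_time // step
        # Accept adjacent windows for clock drift, but never a window that was
        # already used, so a captured code cannot be replayed.
        for c in range(now - drift, now + drift + 1):
            expected = totp(self.key_b32, c * step, step)
            if c > self.last_counter and hmac.compare_digest(expected, submitted):
                self.last_counter = c
                return "totp"
        # Recovery codes are single-use and only the next one in the list is valid.
        if self.recovery and hmac.compare_digest(self.recovery[0], submitted):
            self.recovery.pop(0)
            return "recovery"
        return None

# Constructed sample values: the RFC 6238 test key and made-up recovery codes.
DEMO_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
DEMO_RECOVERY = ["aaaa1111", "bbbb2222"]

if __name__ == "__main__":
    sf = SecondFactor(DEMO_KEY, DEMO_RECOVERY)
    code = totp(DEMO_KEY, 59)
    print(code, sf.verify(code, 59), sf.verify(code, 59))
```

The authentication key in the QR code is the only secret the authenticator app needs, which is why the demo image must not be scanned and why the real key should be treated like a password.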
Optional: Switch to Single Password Mode (for Legacy users)
As of version 3.6.0, ProtonMail has switched to supporting a single password mode, and this is the new default mode for newly created accounts. The single password mode combines the legacy Login and Mailbox passwords into a single password without compromising security or privacy. Existing users have the option to stay in two password mode, or switch to single password mode. For users who find having to enter a Login password, 2FA code, and Mailbox password to access email too cumbersome, we recommend switching to single password mode to reduce the number of password prompts by one.