How to use a 2FA security key to protect your Proton Account
One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details.
Two-factor authentication (2FA) greatly improves the security of your account by requiring something you have (your phone or security key) or are (your faceprint or fingerprint). Unless an adversary knows your login details and also has physical access to this second factor, they cannot access your account.
Proton supports two different types of 2FA sign-in. You can use:
- Your smartphone (via an authenticator app)
- A Universal 2nd Factor (U2F)(new window) or FIDO2(new window) security key
Physical security keys have the advantage that they are not vulnerable to phishing.
This support article explains how to use a U2F or FIDO2 security key to secure your account using two-factor authentication. Before doing this, you must first configure 2FA using an authenticator app.
Learn how to secure your account with 2FA using an authenticator app
Currently, Proton supports 2FA verification using a security key via any browser (including on mobile devices).
How to set up your security key for use with your Proton Account
To use your security key to provide 2FA authentication while signing into your Proton account, you must first enable 2FA using an authenticator app. Then:
1. Sign in to account.proton.me(new window) and go to Settings → Go to settings → Account → Account and password → Two-factor authentication.
2. Toggle the Security key switch on. (For security reasons, you may be prompted to re-confirm your password and verify your identity using a 2FA authenticator app.
If you have already registered another security key, you may be asked to use this to verify your identity instead.)
3. Insert your security key into your computer’s USB port and click Continue.
4. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.
Note that If your device has a built-in security key, you may also be prompted to use it (e.g. via Touch ID on macOS or Windows Hello).
5. You will be asked to identify the security key with a name. Click Next when you’re ready.
Your security key is now registered with Proton and can be used as a 2FA device to access all Proton services using your Proton Account.
Note: If you’re using the Tor browser, you won’t be able to add a security key to your Proton Account as the Tor browser does not have FIDO2 support. Please use a different browser instead.
You can view all your registered keys, rename them, or delete them in the Two-factor authentication section of Settings.
How to use your security key with your Proton Account
Security key authentication is currently supported on the Proton web app (in your browser), so if you’re using a Proton app, you will need to use an authenticator app for 2FA authentication. Full support for physical security keys on our desktop and mobile apps is coming later.
1. Sign in to your Proton Account (for example, at mail.proton.me(new window)) using your Proton username and password.
You may also be asked to verify your account using your security key when performing certain actions, such as registering a new security key or changing your Proton Account password.
2. At the Two-factor authentication prompt, ensure the Security key tab is selected. Insert your security key and click Authenticate.
3. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.
You will now be signed in to your Proton Account.
Safari asks me to use a different browser
When registering or using a security key with Safari, you may see the following error message: Please try using a different browser to complete this action. This is due to a known bug in the Safari browser. As workarounds, you can try the following:
To add a key, either:
- Close Safari (click Safari in the menu bar → Quit Safari) and reopen it
- Use another browser to register your security key
If you encounter an issue when using your security key, you can still use an authenticator app or the recovery codes generated when you enabled 2FA to regain access to your account. See our main two-factor authentication (2FA)(new window) support article for more details.
Windows prompts me for a PIN instead of a security key
During setup, Windows Hello may ask you to register using your Windows PIN instead of your security key (see Step 4 in the How to set up your security key for use with your Proton Account section above).
If this happens:
1. Click Cancel.
2. Click OK at the security prompt.
3. Follow the wizard to setup your security key (as described in the guide above).