How to use a 2FA security key to protect your Proton Account

5 mins
Two factor authentication (2FA)

One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details. 

Two-factor authentication (2FA) greatly improves the security of your account by requiring something you have (your phone or security key) or are (your faceprint or fingerprint). Unless an adversary knows your login details and also has physical access to this second factor, they cannot access your account. 

Proton supports two different types of 2FA sign-in. You can use:

Physical security keys have the advantage that they are not vulnerable to phishing

This support article explains how to use a U2F or FIDO2 security key to secure your account using two-factor authentication. Before doing this, you must first configure 2FA using an authenticator app

Learn how to secure your account with 2FA using an authenticator app

Currently, Proton supports 2FA verification using a security key via any browser (including on mobile devices). 

How to set up your security key for use with your Proton Account

To use your security key to provide 2FA authentication while signing into your Proton account, you must first enable 2FA using an authenticator app. Then:

1. Sign in to and go to Settings → All settingsAccountAccount and passwordTwo-factor authentication.

2. Toggle the Security key switch on. (For security reasons, you may be prompted to re-confirm your password and verify your identity using a 2FA authenticator app.

If you have already registered another security key, you may be asked to use this to verify your identity instead.) 

3. Insert your security key into your computer’s USB port.

To enable the use non-physical platform security keys, such as Windows Hello(new window) or Apple’s Touch ID(new window) or Face ID(new window), check the Allow platform keys box.

To only allow physical security keys, leave the box unchecked.

Click Continue when you’re ready.

Register your security key.

4. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.

Register your key

Note that If your device has a built-in security key, you may also be prompted to use it (e.g. via Touch ID on macOS or Windows Hello).

Touch ID on Safari for macOS

5. You will be asked to identify the security key with a name. Click Next when you’re ready. 

Name your key

Your security key is now registered with Proton and can be used as a 2FA device to access all Proton services using your Proton Account. 

Your security key is now registered

Note: If you’re using the Tor browser, you won’t be able to add a security key to your Proton Account as the Tor browser does not have FIDO2 support. Please use a different browser instead.

You can view all your registered keys, rename them, or delete them in the Two-factor authentication section of Settings

View your registered keys

How to use your security key with your Proton Account

Security key authentication is currently supported on the Proton web app (in your browser), so if you’re using a Proton app, you will need to use an authenticator app for 2FA authentication. Full support for physical security keys on our desktop and mobile apps is coming later. 

1. Sign in to your Proton Account (for example, at window)) using your Proton username and password.

You may also be asked to verify your account using your security key when performing certain actions, such as registering a new security key or changing your Proton Account password

Sign in

2. At the Two-factor authentication prompt, ensure the Security key tab is selected. Insert your security key and click Authenticate

Choose to authenticate with your security key

3. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers. 

Insert your key

You will now be signed in to your Proton Account.

Learn more about U2F security keys


Safari asks me to use a different browser

When registering or using a security key with Safari, you may see the following error message: Please try using a different browser to complete this action. This is due to a known bug in the Safari browser. As workarounds, you can try the following:

To add a key, either:

  • Close Safari (click Safari in the menu bar → Quit Safari) and reopen it
  • Use another browser to register your security key

If you encounter an issue when using your security key, you can still use an authenticator app or the recovery codes generated when you enabled 2FA to regain access to your account. See our main two-factor authentication (2FA)(new window) support article for more details.

Didn’t find what you were looking for?