Device-based recovery
Your Proton Account is secured using zero-access encryption. This means that no one can access your account without your login credentials, including Proton.
To help prevent you from losing access to your account if you forget your login details, we have developed several recovery methods that do not compromise your privacy. Device data recovery is one of these.
- How to enable and turn off device-based recovery
- Is device-based recovery safe?
- How to enable and disable device data recovery on your device
- How to recover your account
- How to delete recovery information
What is device-based recovery?
If you enable device-based recovery, Proton will store an encrypted backup keychain as a file in your browser’s web storage.
If you forget your Proton password and need to reset it, the next time you sign in on a trusted device using your new password, full access to your Proton Account will be restored.
For now, device-based recovery is available on our web app.
Is device-based recovery safe?
Yes. Your Proton Account OpenPGP encryption keys are stored on your device in a recovery file. The recovery file is encrypted using a randomly generated symmetric encryption key. We call this derived key the recovery secret, which is uploaded to our servers.
When you unlock your account using device data recovery, the recovery secret is downloaded to your device and used to decrypt your Proton PGP keys. At no point does Proton have access to your account keys.
If you delete the recovery secret from our servers (see below), the recovery file becomes completely useless.
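The split described above can be modeled in a few lines. This is an added example, not Proton's code: AES-256-GCM stands in for the unspecified symmetric cipher, and the two Maps and all function names are hypothetical stand-ins for browser web storage and the server.

```javascript
// Added illustration of the split-storage model; not Proton's code.
// Assumption: AES-256-GCM stands in for the unspecified symmetric cipher.
const nodeCrypto = require('node:crypto');

// Hypothetical stand-ins for the two storage locations.
const deviceStorage = new Map(); // browser web storage on the trusted device
const serverSecrets = new Map(); // recovery secrets held server-side

function enableDeviceRecovery(deviceId, keychain) {
  const secret = nodeCrypto.randomBytes(32); // the recovery secret
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', secret, iv);
  const body = Buffer.concat([cipher.update(keychain), cipher.final()]);
  // Recovery file layout: iv || auth tag || ciphertext. It stays on the device.
  deviceStorage.set(deviceId, Buffer.concat([iv, cipher.getAuthTag(), body]));
  // Only the secret is uploaded; the server never receives the keychain.
  serverSecrets.set(deviceId, secret);
}

function recoverKeychain(deviceId) {
  const file = deviceStorage.get(deviceId);
  const secret = serverSecrets.get(deviceId);
  if (!file || !secret) return null; // one half is missing: nothing to recover
  const iv = file.subarray(0, 12);
  const tag = file.subarray(12, 28);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', secret, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(file.subarray(28)), decipher.final()]);
  } catch {
    return null; // modified recovery file or wrong secret fails authentication
  }
}

// Deleting the server-side secrets leaves every recovery file undecryptable.
function voidAllRecoveryFiles() { serverSecrets.clear(); }

// Constructed sample keychain (placeholder bytes, not a real key).
const sampleKeychain = Buffer.from('-----CONSTRUCTED SAMPLE KEYCHAIN-----');
enableDeviceRecovery('laptop-browser', sampleKeychain);
const recovered = recoverKeychain('laptop-browser');
voidAllRecoveryFiles();
const afterVoid = recoverKeychain('laptop-browser');
console.log(recovered.equals(sampleKeychain), afterVoid);
```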
How to enable and disable device-based recovery on your device
Device data recovery is enabled by default. But to save the encrypted keychain file to your browser’s web storage, you must select the Keep me signed in checkbox when you sign in to your account.
That browser on that specific device is now a trusted device.
If you wish to disable device data recovery, go to Settings → Go to settings → Dashboard → Recovery → Data recovery and toggle the Trusted device recovery switch off.
This will disable device data recovery on all your devices, even if the Keep me signed in checkbox is ticked.
How to recover your account
If you forget your password and device data recovery is enabled (see above):
1. Reset your password
2. Log in to your account on a trusted device using your new password.
Your account keys will be decrypted in the background, giving you full access to your Inbox.
How to delete recovery information
You can delete all recovery information from a device if you no longer trust it (for example, if you sell it). There are two ways to delete recovery information.
Option 1: Before signing out of your Proton account, check the box that says Delete recovery information.
Or
Option 2: Log in to mail.proton.me and go to Settings → Go to settings → Dashboard → Recovery → Data recovery → Recovery file → Void all recovery files.
Doing this will void all trusted device information stored on our servers, so you will not be able to use trusted device recovery on any device that you have previously trusted.
If you are sure you want to proceed, at the warning, click Void.
How to manually save a recovery file
In addition to the automated device-based recovery method described above, it is also possible to manually download a recovery file and restore your account from it.
To do this, log in to mail.proton.me and click Settings → Go to settings → Dashboard → Recovery → Data recovery → Recovery file → Download recovery file. Save the .asc file using your system’s default file manager.
Learn how to recover your account using the downloaded recovery file