Set account recovery methods in case you forget your Proton password
Proton doesn’t have access to your password, so we can’t reset it for you if you forget or lose your password.
If you don’t set any way to recover your Proton Account and then forget your password, you’ll lose access to your account and all your existing emails, contacts, and other encrypted files.
Please note that the recovery methods described below are not available to non-private users(new window) in an organization. If you’re a non-private user and you’ve forgotten your password, contact your organization’s administrator for help.
In this article, we explain:
- Ways to reset your password and recover your emails and other encrypted data
- How to add or change a recovery email address
- How to add or change a recovery phone number
- How to enable a recovery phrase
- How to download a recovery file
- What happens if I don’t set any recovery methods?
- What is an “outdated ” recovery method?
Ways to reset your password and recover your emails and other encrypted data
Your Proton password is used for two things:
- To give you access to your Proton Account
- To decrypt your emails, contacts, and other encrypted data
If you forget your password, setting a recovery phrase allows you to reset your password so that you can access your Proton Account. You can also (optionally) use your recovery phrase to decrypt your emails, contacts, and other encrypted data.
We recommend setting a recovery phrase to both access your account and decrypt your data.
If you prefer not to use the same recovery method for both accessing your Proton Account and decrypting your data, you can set different recovery methods for accessing your Proton Account and decrypting your data.
In his case, we strongly recommend at least one account recovery method (for Step 1) and one data recovery method (Step 2). If you don’t set both, you may not be able to access your account and encrypted data if you lose your password.
Step 1. Account recovery: Reset your password using one of the following four options:
- Recovery email: If you’ve provided an email address, we can send a message to that address so you can reset your password.
- Recovery phone number: If you’ve given us a mobile phone number, we can send you a text to reset your password.
- Recovery phrase: If you’ve enabled your recovery phrase, you’ll be able to enter your 12-word phrase to reset your password.
- Device-based recovery: If you enable data device recovery, Proton will store an encrypted backup keychain as a file in your browser’s web storage(new window)(new window).
Step 2. Data recovery: Recover your emails and other encrypted files using one of the following two options:
- Recovery phrase: If you’ve enabled your recovery phrase, you’ll be able to use it to restore your emails and other encrypted data.
- Recovery file: If you’ve downloaded a recovery file, you can upload it to restore your emails and data.
- Device-based recovery: If you forget your Proton password and need to reset it, the next time you sign in on a trusted device using your new password, full access to your Proton Account will be restored.
Note that you can enable multiple ways to recover your account and data.
- Reset your Proton password (Step 1)(new window)
- Recover your emails and other encrypted files (Step 2)
Alternatively, if device-based recovery is enabled, you may not need to reset your password if your Proton account is open in any browser window.
Learn more about device-based recovery
How to add or change a recovery email address
You can add a recovery email address when you sign up or add one after you’ve created your Proton Account, as long as you still have access to your account and know your password.
To add or change a recovery email address:
1. Log in to your account at account.proton.me and click Settings → All settings → Recovery and scroll down to Account recovery.
2. Enter your recovery email in the Recovery email address field and click Save. Your recovery address should be an email address that only you have access to.
3. Enter your password to continue and click Submit.
4. Switch on the Allow recovery by email option and enter your password again to confirm.
5. If your recovery email address is not yet verified, click the Verify now link and then the Send verification email button. You’ll be sent a link to confirm that the email address belongs to you.
If you ever want to disable recovery by email:
- Switch off Allow recovery by email; or
- Delete your recovery email from the Recovery email address field and click Save.
You’ll be asked to enter your password to confirm.
Your recovery email is also sometimes called your notification email. It’s the same email address that we send notifications to when new messages are received in your Proton Mail account.
Learn more about notification emails and how to enable them.(new window)
How to add or change a recovery phone number
You can add a recovery phone number when you sign up or add one after you’ve created your Proton Account, as long as you still have access to your account and know your password.
To add or change a recovery phone number:
1. Log in to your account at account.proton.me and click Settings → All settings → Recovery and scroll down to Account recovery.
2. Enter your recovery phone number in the Recovery phone number field and click Save.
3. Enter your password to continue and click Submit.
4. Switch on the Allow recovery by phone option.
5. If your recovery phone number is not yet verified, click the Verify now link.
6. You will be asked whether you want to verify your recovery phone number by SMS. Click Verify by SMS.
7. You’ll be sent a code by SMS to confirm that the recovery phone number belongs to you.
If you ever want to disable recovery by phone:
- Switch off the Allow recovery by phone option; or
- Delete your recovery phone number from the Recovery phone number field and click Save.
How to enable a recovery phrase
If you forget your password, you can also reset it using our recovery phrase feature.
A recovery phrase is composed of 12 words and acts like a backup password. It allows you to reset your password and recover all your emails and other encrypted data.
We strongly recommend that everyone enable a recovery phrase.
If you don’t have a recovery phrase (or haven’t downloaded a recovery file) and you forget your password, you will not be able to recover your messages or other encrypted data after you reset your password(new window).
To enable a recovery phrase:
1. Log in to your account at account.proton.me and click Settings → All settings → Recovery and scroll down to the Data recovery section.
2. Click the Allow recovery by recovery phrase switch so it turns on.
If it has been more than 10 minutes since you logged in, you will need to enter your password (and two-factor authentication, if you have it enabled).
3. Click Generate recovery phrase and enter your password again to continue.
A pop-up will display your 12-word recovery phrase. Write down your recovery phrase in the same order it was given to you and store it somewhere safe in case you need it in the future. You can also copy and paste it into a secure document or download a file of your phrase for safekeeping.
This screenshot is an example. This recovery phrase will not work with your account.
How to download a recovery file
You can download a recovery file that you can use to restore your emails and other encrypted data after you’ve reset your password.
To download a recovery file:
1. Log in to your account at account.proton.me and click Settings → All settings → Recovery and scroll down to the Data recovery section.
2. Click Download recovery file.
Store your recovery file in a safe place to restore your data in case you ever reset your password.
Please note that you’re not meant to open and read your recovery file. Unlike your recovery phrase, which is made up of 12 words you can write down or copy, your recovery file is an encrypted file. You can download it, store it in a safe place, and upload it as described above to restore your encrypted emails and other encrypted data when needed. It’s not designed for you to open and read it.
What happens if I don’t set any recovery methods?
If you don’t set at least one account recovery method and one data recovery method, you may not be able to access any of your emails, contacts, or encrypted files if ever you lose your password.
If you don’t set both methods to restore your account, you’ll see an orange warning dot next to Recovery on the Settings page with the following messages in red:
“No account recovery method set; you are at risk of losing access to your account” and/or
“No data recovery method set; you are at risk of losing access to your data”
Click on the arrows or scroll down to the Account recovery section to add a recovery email address or allow recovery by phone.
Click on the arrows or scroll down to the Data recovery section to set a recovery phrase or download a recovery file.
When you have correctly set your recovery methods, you’ll see the following confirmation messages in green:
“Your account recovery method is set”
“Your data recovery method is set”
After you’ve set these ways to restore your account, if you ever forget or lose your password, you can:
What is an “outdated” recovery method?
After you reset your password by email/phone or generate a new account key, your recovery phrase or recovery file may become outdated. If a method is outdated, you won’t be able to use it to recover any new messages or other encrypted data if you ever reset your password again.
If your recovery methods become outdated, we’ll warn you with an orange dot next to Recovery on the Settings page and the following message in red:
“Outdated recovery methods; update to ensure access to your data”
1. Click on the arrows or scroll down to the Data recovery section.
2. Click on the Update recovery phrase button and follow the prompts to generate a new recovery phrase.
3. Click on the Update recovery file button to download a new recovery file.