How to use a 2FA security key to protect your Proton Account
One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details.
Two-factor authentication (2FA) greatly improves the security of your account by requiring something you have (your phone or security key) or something you are (your faceprint or fingerprint). Unless an adversary knows your login details and also has physical access to this second factor, they cannot access your account.
Proton supports two different types of 2FA sign-in. You can use:
- Your smartphone (via an authenticator app)
- A Universal 2nd Factor (U2F) or FIDO2 security key
Physical security keys have the advantage that they are not vulnerable to phishing.
This support article explains how to use a U2F or FIDO2 security key to secure your account using two-factor authentication. Before doing this, you must first configure 2FA using an authenticator app.
Learn how to secure your account with 2FA using an authenticator app
You can add a security key for 2FA verification via any browser. You can then use that security key for 2FA verification on our web and mobile apps.
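Why a security key is not vulnerable to phishing, as an added example (not Proton's code): with FIDO2/WebAuthn, the browser records the origin of the page that asked for the sign-in and the key hashes the relying-party ID, so a response produced on a look-alike site fails the service's checks. The domain names and function names below are constructed for illustration, and signature verification is left out to focus on these binding checks.

```python
import base64
import hashlib
import hmac
import json
import secrets

RP_ID = "example.com"                              # constructed relying-party ID
ALLOWED_ORIGINS = {"https://account.example.com"}  # constructed sign-in origin
FLAG_USER_PRESENT = 0x01                           # UP bit: the key was touched


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes, flags: int = FLAG_USER_PRESENT):
    """Build constructed clientDataJSON and authenticator data for one sign-in."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # authenticator data = SHA-256(RP ID) || flags || 4-byte signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client_data, auth_data


def check_binding(client_data_json: bytes, auth_data: bytes, expected_challenge: bytes) -> list:
    """Return the names of failed checks; an empty list means the response is bound to us."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON"]
    if not isinstance(cd, dict) or len(auth_data) < 37:
        return ["malformed"]
    errors = []
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    if not hmac.compare_digest(str(cd.get("challenge", "")).encode(), b64url(expected_challenge).encode()):
        errors.append("challenge")
    if str(cd.get("origin")) not in ALLOWED_ORIGINS:
        errors.append("origin")
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        errors.append("rpIdHash")
    if not auth_data[32] & FLAG_USER_PRESENT:
        errors.append("user presence")
    return errors


if __name__ == "__main__":
    challenge = secrets.token_bytes(32)
    genuine = make_assertion("https://account.example.com", RP_ID, challenge)
    lookalike = make_assertion("https://account.example.com.login.invalid", "login.invalid", challenge)
    print(check_binding(*genuine, challenge), check_binding(*lookalike, challenge))
```

A code typed in from an authenticator app carries no such origin, which is why it can be relayed through a fake sign-in page while a security key response cannot.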
How to set up your security key for use with your Proton Account
To use your security key for 2FA when signing in to your Proton Account, you must first enable 2FA using an authenticator app. Then:
1. Sign in to account.proton.me and go to Settings → All settings → Account → Account and password → Two-factor authentication.
2. Toggle the Security key switch on. (For security reasons, you may be prompted to re-confirm your password and verify your identity using a 2FA authenticator app. If you have already registered another security key, you may be asked to use this to verify your identity instead.)
3. Insert your security key into your device’s USB port.
To enable the use of non-physical platform security keys, such as Windows Hello or Apple’s Touch ID or Face ID, check the Allow platform keys box.
To only allow physical security keys, leave the box unchecked.
Click Continue when you’re ready.
4. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.
Note that if your device has a built-in security key, you may also be prompted to use it (e.g. via Touch ID on iOS/macOS, or Windows Hello).
5. You will be asked to identify the security key with a name. Click Next when you’re ready.
Your security key is now registered with Proton and can be used as a 2FA device to access all Proton services using your Proton Account.
Note: If you’re using the Tor browser, you won’t be able to add a security key to your Proton Account as the Tor browser does not have FIDO2 support. Please use a different browser instead.
You can view all your registered keys, rename them, or delete them in the Two-factor authentication section of Settings.
How to use your security key with your Proton Account
Security key authentication is currently supported on the Proton web app (in your browser) and in mobile apps. If you’re using the desktop app, you may need to use an authenticator app for 2FA authentication. Full support for physical security keys on our desktop apps will be coming at a later date.
1. Sign in to your Proton Account (for example, at mail.proton.me) using your Proton username and password.
You may also be asked to verify your account using your security key when performing certain actions, such as registering a new security key or changing your Proton Account password.
2. At the Two-factor authentication prompt, ensure the Security key tab is selected. Insert your security key and click Authenticate.
3. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.
You will now be signed in to your Proton Account.
Learn more about U2F security keys
Troubleshooting
Safari asks me to use a different browser
When registering or using a security key with Safari, you may see the following error message: Please try using a different browser to complete this action. This is due to a known bug in the Safari browser. As workarounds, you can try the following:
To add a key, either:
- Close Safari (click Safari in the menu bar → Quit Safari) and reopen it
- Use another browser to register your security key
If you encounter an issue when using your security key, you can still use an authenticator app or the recovery codes generated when you enabled 2FA to regain access to your account. See our main two-factor authentication (2FA) support article for more details.