Proton

How to use 2FA in Proton Pass

Reading
5 min
Category
Using Proton Pass

One-factor authentication requires something you know (your login details). Two-factor authentication requires an additional something that proves your identity. This something is usually a physical device, such as your phone or a 2FA security key. Unless an adversary has physical access to this thing, they can’t access your accounts.

Two-factor authentication (2FA) provides a valuable additional layer of security for your account. 

One of the most common and secure ways to achieve 2FA is using an authenticator app on your smartphone. This generates six-digit time-based one-time passwords(new window) (TOTPs) that you can use to sign in to your online accounts. 

These TOTP codes prove that you are in physical possession of a phone registered to that account. This means that even if an attacker somehow steals your password, they still cannot get into your account without access to your mobile phone.

Proton Pass makes it convenient to use 2FA in this way. Instead of requiring a separate third-party authenticator app, Proton Pass can securely generate TOTP codes for websites that you have saved login details for. 

Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

How to configure 2FA codes

Using the Proton Pass browser extension

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA. Instead of scanning a QR code, select the enter key manually option and copy the numerical key provided.

Obtain 2FA code

2. Open the Proton Pass browser extension, select the entry for the service you wish to activate 2FA on → Edit

Edit Proton Pass item

3. In the 2FA secret (TOTP) field, paste in the 2FA key you copied from the website, and click Save.

Paste in the 2FA key

Using the Proton Pass Android app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

Find the QR code

2. Open the Proton Pass app on your Android device, select the entry for the service you wish to activate 2FA on → Edit

2. Tap inside the 2FA secret (TOTP) field → Scan code.

Scan the QR code

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save

An entry will appear in the TOTP field when the app registers the code

You can also configure 2FA codes manually on Android. To do this, tap Paste code instead of Scan code and paste in or enter a 2FA key as described for configuring the browser extension above. 

You can also configure 2FA codes manually

Using the Proton Pass iPhone and iPad app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

Find the QR code

2. Open the Proton Pass app on your iPhone or iPad, select the entry for the service you wish to activate 2FA on → Edit

Edit the Pass entry

3. Tap inside the 2FA secret (TOTP) field → Open camera.

Open camera and scan the QR code

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save

You can also configure 2FA codes manually. To do this, tap Paste from clipboard instead of Open camera and paste in or enter a 2FA key as described for configuring the browser extension above. 

Paste from clipboard

How to sign in using 2FA on Proton Pass

Using the Proton Pass browser extension

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. When prompted to enter a 2FA code, the browser will display a notification showing the 2FA verification code.

Click Copy & fill in to autofill the 2FA code on the website you’re signing in to.

Autofill the 2FA code

Alternatively, you can manually enter the code, or you can open the browser extension, select the correct entry (if it’s not automatically selected), and click on the OTP field to copy it to your device’s clipboard. You can now paste it into the 2FA code request field on the website you’re signing in to.

Paste in the TOTP code manually

Proton Pass generates a new 2FA code every 30 seconds. A timer displays how long you have before a new code is generated. Once a new code is generated, the previous code is no longer valid.

The 30-second timer

Using the Proton Pass Android app

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. Log in using Pass. When you do this, a TOTP code is automatically saved to your device’s clipboard. 

2. When prompted to enter a 2FA code, long-pressPaste to paste in the TOTP code. 

Paste in the TOTP code

Using the Proton Pass iOS app

On Android, when you log in to a site using Proton Pass, the TOTP code is automatically copied to your device’s clipboard. If you are using our iOS app, you must enable this feature manually. This is because the app uses the iOS/iPadOS notifications feature, for which you need to grant permission.  

To do this, open the app, go to Profile (the “person” icon at the bottom right), and toggle the Copy 2FA code switch on.

Copy 2FA code

To use 2FA on an iPhone or iPad:

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. Log in using Pass. 

2. If Copy 2FA code (see above) is enabled, you can long-pressPaste to paste in the TOTP code when prompted. If it isn’t, you’ll need to manually copy the 2FA code over from the Proton Pass apps. 

Paste in the TOTP code

Didn’t find what you were looking for?

General contactcontact@proton.me
Media contactmedia@proton.me
Legal contactlegal@proton.me
Partnerships contactpartners@proton.me