Why am I seeing a new login security alert?
Every time someone logs into your Proton Account using your account password, we’ll send a security alert push notification to your mobile device if you have the Proton Mail iOS or Android app installed. This is one of the multiple layers of defense that Proton uses to keep your account secure.
You’ll see the alert every time there is a new login using your correct password, although we use a system to rate limit the notification alerts if you log in multiple times in succession.
If you have two-factor authentication (2FA) enabled, you’ll receive the alert even if 2FA failed to successfully authenticate the login.
The Proton Mail mobile apps display the notification when there is a new login and provide the following information:
- The Proton service that was logged into (Proton Account, Proton Mail(nouvelle fenêtre), Proton VPN(nouvelle fenêtre), Proton Drive(nouvelle fenêtre), or Proton Calendar(nouvelle fenêtre)).
- The platform the login occurred on (web, Android, or iOS). Note that all web logins are reported as Proton for web since logging into any Proton service in your browser logs you into all your Proton services.
If the login was from you, simply ignore the alert.
If you don’t recognize a login, log out of all other sessions(nouvelle fenêtre) and change your password immediately. We recommend using a password manager(nouvelle fenêtre) to generate a strong, unique password.
You must have the Proton Mail app installed on your Android or iOS/iPadOS device to receive security alerts.
Alerts are sent in real-time and do not result in any login logs. If authentication logs(nouvelle fenêtre) are enabled, you can review past logins by going to Settings → All settings → Account→ Security → Security logs.
If you prefer, you can disable authentication logs so that no login logs are created and stored. If you do this, you can still review and revoke current sessions(nouvelle fenêtre).
What does the security alert protect me against?
Your Proton Account is secured with your password. If you do not have 2FA enabled, then anyone who knows this password has full access to your Proton Account.
If you do have 2FA enabled, an attacker who knows your password will not be able to log in to your account unless they also have physical access to your phone. This is why we strongly recommend enabling 2FA on your Proton Account.
Learn how to secure your account with two-factor authentication(nouvelle fenêtre)
How can an attacker know my password?
There are several ways for bad actors to access your passwords. The most common ones include:
Data breaches
Company databases get hacked all the time, often revealing the usernames and passwords of their customers. These databases are then sold to other hackers or published on the open internet.
If you reuse usernames and passwords across multiple websites and your details are exposed by a data breach, attackers will be able to access all accounts protected by those login details.
This is why it’s important to use strong, unique passwords for every account you have. The human brain is not very good at this, but password managers make the task easy.
Proton never stores your password on our servers, so there is no danger of it being exposed in a data breach.
Phishing
Phishing is a technique criminals use to obtain victims’ usernames, passwords, and financial details. It usually involves sending out unsolicited emails that have been forged to appear as if they come from a legitimate website (such as a bank).
If you click on the link provided, you’ll be taken to a forged website and invited to enter your login credentials (or bank details, etc.).
Note that all legitimate emails from Proton will come with an Official badge. If you receive an email that claims to be from Proton and it doesn’t have this badge, it’s likely a phishing attempt.
Learn how to prevent phishing attacks(nouvelle fenêtre)
Keyloggers
A keylogger is a type of malicious software that records every tap of your keyboard, including when you type in usernames and passwords, and sends that information to an attacker.