Your organization password and key
Your Proton for Business(new window) account is secured by an organization password that is associated with your organization key.
Proton for Business accounts use end-to-end encryption(new window) to secure emails. This is achieved using a master encryption key called the organization key, which nobody other than the administrators of your organization has access to.
Because even we do not have access to this key, your data remains private, even from us.
To find out details about your organization key, log in to your Proton Account at account.proton.me(new window) and go to Settings → Go to settings → Organization → Organization and keys → Password and keys.
Your organization key fingerprint can be optionally used as a security feature to verify that all administrators in your account have the same key.
Your organization key is protected by an organization password that is only known to the administrators of your organization. Because we do not know the organization password, we cannot read any of the emails associated with your organization.
However, because administrators have access to the organization password and the organization key, administrators are able to read the emails of all users of an organization unless the user is explicitly designated as a private user(new window).
For day-to-day management of your organization, administrators do not need to use the organization password because an administrator’s Proton Mail account password is sufficient for most organization management functions. However, the organization password must be used to perform some tasks. These include:
- Adding a new administrator to your organization
- Changing your organization keys
The organization password also serves as a recovery mechanism if an administrator loses administrative privileges to their Proton Mail organization (for example due to a password reset(new window)).
Changing your organization password
Any administrator can change the organization password. When this is done, it is the responsibility of each administrator to share the new organization password with all other administrators.
Resetting organization password
Please see restoring administrator privileges(new window) for more information about resetting your organization password,
Changing your organization key
Changing your organization key is not usually necessary, but we recommend doing it for security purposes if an administrator leaves your organization or if an administrator’s account is compromised.
Changing the organization key generates a new encryption key, which is used to encrypt all data for your organization. This replaces your old key. You will need to set a new organization password.
No data will be lost or destroyed in this process. However, after the organization key has been changed, all other administrators will be placed into a restricted privileges mode(new window). The administrator that changed the organization key will need to share the new organization password with all other administrators in order for them to restore administrative privileges(new window).
To change your organization key:
1. Log in at account.proton.me(new window) and go to Settings → Go to settings → Organization → Organization and keys → Password and keys → Change organization keys.
2. Select an encryption scheme for the key.
3. Choose a new password. Click Save when you’re ready.
How to set up an organization in Proton Mail
Step 1: Set up your custom domain(s)
Step 2: Create your organization(new window)
- Organization password and key(new window) (you are here)
- Restoring administrator privileges(new window)
Step 3: Add new users to your organization(new window)
Step 4: Migrate your existing email messages to Proton Mail(new window)