How to use 2FA in Proton Pass

One-factor authentication requires something you know (your login details). Two-factor authentication requires an additional something that proves your identity. This something is usually a physical device, such as your phone or a 2FA security key(new window). Unless an adversary has physical access to this thing, they can’t access your accounts.

Two-factor authentication (2FA) provides a valuable additional layer of security for your account. 

One of the most common and secure ways to achieve 2FA is using an authenticator app on your smartphone. This generates six-digit time-based one-time passwords(new window) (TOTPs) that you can use to sign in to your online accounts. 

These TOTP codes prove that you are in physical possession of a phone registered to that account. This means that even if an attacker somehow steals your password, they still cannot get into your account without access to your mobile phone.

Proton Pass makes it convenient to use 2FA in this way. Instead of requiring a separate third-party authenticator app, Proton Pass can securely generate TOTP codes for websites that you have saved login details for. 

• How to configure 2FA using the browser extension
• How to configure 2FA using the Android app
• How to configure 2FA using the iPhone and iPad app
• How to sign in using 2FA with the browser extension
• How to sign in using 2FA with the Android app
• How to sign in using 2FA with the iPhone and iPad app

Please note that you should never use Proton Pass to secure your Proton Account using TOTP. Use a third-party authenticator app instead.

How to configure 2FA codes

Using the Proton Pass browser extension

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA. Instead of scanning a QR code, select the enter key manually option and copy the numerical key provided.

2. Open the Proton Pass browser extension, select the entry for the service you wish to activate 2FA on → Edit. 

3. In the 2FA secret (TOTP) field, paste in the 2FA key you copied from the website, and click Save.

Using the Proton Pass Android app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

2. Open the Proton Pass app on your Android device, select the entry for the service you wish to activate 2FA on → Edit. 

2. Tap inside the 2FA secret (TOTP) field → Scan code.

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save. 

You can also configure 2FA codes manually on Android. To do this, tap Paste code instead of Scan code and paste in or enter a 2FA key as described for configuring the browser extension above. 

Using the Proton Pass iPhone and iPad app

1. Visit the website of the service you wish to use 2FA on and follow its instructions for setting up 2FA using a QR code.

2. Open the Proton Pass app on your iPhone or iPad, select the entry for the service you wish to activate 2FA on → Edit. 

3. Tap inside the 2FA secret (TOTP) field → Open camera.

This will open your camera app. Point the camera at the QR code. An entry will appear in the TOTP field when the app registers the code. Tap Save. 

You can also configure 2FA codes manually. To do this, tap Paste from clipboard instead of Open camera and paste in or enter a 2FA key as described for configuring the browser extension above. 

How to sign in using 2FA on Proton Pass

Using the Proton Pass browser extension

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. When prompted to enter a 2FA code, the browser will display a notification showing the 2FA verification code.

Click Copy & fill in to autofill the 2FA code on the website you’re signing in to.

Alternatively, you can manually enter the code, or you can open the browser extension, select the correct entry (if it’s not automatically selected), and click on the OTP field to copy it to your device’s clipboard. You can now paste it into the 2FA code request field on the website you’re signing in to.

Proton Pass generates a new 2FA code every 30 seconds. A timer displays how long you have before a new code is generated. Once a new code is generated, the previous code is no longer valid.

Using the Proton Pass Android app

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. Log in using Pass. When you do this, a TOTP code is automatically saved to your device’s clipboard. 

2. When prompted to enter a 2FA code, long-press → Paste to paste in the TOTP code. 

Using the Proton Pass iOS app

On Android, when you log in to a site using Proton Pass, the TOTP code is automatically copied to your device’s clipboard. If you are using our iOS app, you must enable this feature manually. This is because the app uses the iOS/iPadOS notifications feature, for which you need to grant permission.  

To do this, open the app, go to Profile (the “person” icon at the bottom right), and toggle the Copy 2FA code switch on.

To use 2FA on an iPhone or iPad:

1. Visit a website you’ve previously configured to use 2FA on Proton Pass. Log in using Pass. 

2. If Copy 2FA code (see above) is enabled, you can long-press → Paste to paste in the TOTP code when prompted. If it isn’t, you’ll need to manually copy the 2FA code over from the Proton Pass apps.