How to set up two-factor authentication (2FA) for your Proton Account

Two-factor authentication (2FA) provides an additional layer of security for your Proton Account. One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details. 

Two-factor authentication (2FA) helps prove your identity using something else. This can be something you have, such as your phone or a security key, or something you are, using your faceprint or fingerprint.

Only if both factors are present can your account be accessed. 

Proton supports two different types of 2FA. You can use:

• Your smartphone (via an authenticator app)
• A Universal 2nd Factor (U2F) or FIDO2 security key

This support article explains how to secure your Proton Account with 2FA using an authenticator app on your smartphone. To use a security key, see:

How to use a 2FA security key to protect your Proton account 

Note that to use a security key, you must first set up 2FA using an authenticator app, as described below.

2FA using authenticator apps

An authenticator app running on a smartphone generates six-digit time-based one-time passwords(nowe okno) (TOTPs) that you can use to sign in to your Proton Account. These prove that you are in physical possession of a phone registered to your Proton Account. 

This means that even if an attacker somehow steals your password, they still cannot get into your account without access to your mobile phone. 

To use 2FA, you must first install an authenticator app on your mobile phone and have access to your phone while logging in to your account. There are many authenticator apps to choose from, but the following are open source options:

Android

• Aegis Authenticator(nowe okno)

iOS  and iPadOS

• FreeOTP Authenticator(nowe okno)

How to set up 2FA using an authenticator app

1. Log in to your Proton Account at account.proton.me and go to Settings → All settings → Account and password → Two-factor authentication and turn the Authenticator app switch on.

This will bring up an information panel. Click Next when you’re ready to start. 

2. You will now see a QR code. Open the authenticator app on your mobile device, select the option to scan a QR code, and point your device’s camera at it. Note: do not scan the demo image shown below. Scan the image shown in your account settings.

If you prefer, you can enter the 2FA key into your authenticator app manually by clicking on the link Enter key manually instead shown above.

Once you have successfully added your Proton Mail account to your authenticator app, click Next.

3. Enter your Proton Account password and the 6-figure time-sensitive code provided by your authenticator app. Click Submit when you’re done.

4. Proton Mail will now provide you with several 1-time use recovery codes. Please save these codes in a secure place and do not lose them. 

If you ever misplace or lose your authentication device (mobile phone, etc.), these codes provide the only way to log in to your account. If you lose your device, you can enter these codes instead of the 6-digit code provided by your authenticator code app. Each code can only be used once, so save all the codes.

Please note that resetting your Proton Account password will automatically disable 2FA. In this case, you will need to manually enable it again: Go to Settings → All settings → Account and password → Passwords and switch on Two-factor authentication. 

How to use 2FA with multiple devices

If you wish to receive your 6-digit authentication codes on multiple devices — for example, your phone and your tablet — you must have an authenticator app installed on each device.

If you have already enabled two-factor authentication, you will need to disable it first.

1. Go to Settings → All settings → Account and password → Two-factor authentication and turn the Authenticator app switch off.

2. Turn the Two-factor authentication switch on and scan the QR code using the authenticator app on each device. You can also take a screenshot of the QR code and save it for later to scan with your other devices.

Or you can also enter the 2FA key into your authenticator app manually if you prefer. 

If you encounter any problems, please see our support article for when two-factor authentication (2FA) is not working(nowe okno).

Two-password mode (legacy users)

Proton Mail now uses one-password mode(nowe okno) by default, but some early adopters may still be using our legacy two-password mode authentication system. We can combine two-password mode with 2FA, but some users may find entering a login password, 2FA code, and mailbox password too cumbersome. 

In this case, we recommend switching to one-password mode with 2FA enabled.