Two-factor authentication (2FA)

4 mins
Two factor authentication (2FA)

Two-factor authentication (2FA) is an additional layer of security for your Proton Account. With 2FA enabled, you will be prompted to enter a 6-digit code when you log in to your account. This 6-digit code will be generated by an app installed on your mobile phone.

This means that even if your password is somehow stolen, an attacker still cannot get into your account without also having access to your mobile phone. Because of this security benefit, we recommend enabling 2FA on your account.

To use 2FA, you must first install an authenticator app on your mobile phone and have access to your phone while logging in to your account. There are many authenticator apps to choose from. Below are a few options, but this is by no means a definitive list:


iOS  and iPadOS

Setting up two-factor authentication in Proton Mail

1. Log in to your Proton Account at window) and click Settings → Go to settings → Account and password → Passwords and switch on Two-factor authentication.

Two factor authentication switch

This will bring up an information panel. Click Next when you’re ready to start. 

2. You will now see a QR code. Open the authenticator app on your mobile device, select the option to scan a QR code, and point your device’s camera at it. Note: do not scan the demo image shown below. Scan the image shown in your account settings.

Scan 2FA code

If you prefer, you can enter the 2FA key into your authenticator app manually by clicking on the link Enter key manually instead shown above.

Once you have successfully added your Proton Mail account to your authenticator app, click Next.

3. Enter your Proton Account password and the 6-figure time-sensitive code provided by your authenticator app. Click Submit when you’re done.

Enter your password and 2fa authentication code

4. Proton Mail will now provide you with several 1-time use recovery codes. Please save these codes in a secure place and do not lose them

If you ever misplace or lose your authentication device (mobile phone, etc.), these codes provide the only way to log in to your account. If you lose your device, you can enter these codes instead of the 6-digit code provided by your authenticator code app. Each code can only be used once, so save all the codes.


Please note that resetting your Proton Account password will automatically disable 2FA. In this case, you will need to manually enable it again: Click Settings → Go to settings → Account and password → Passwords and switch on Two-factor authentication

How to authenticate from multiple devices

If you wish to receive your 6-digit authentication codes on multiple devices — for example, your phone and your tablet — you must have an authentication app installed on each device.

If you have already enabled two-factor authentication, you will need to disable it first.

1. Go to Settings → Go to settings → Account and password → Passwords and switch off Two-factor authentication to disable 2FA.

2. Switch on Two-factor authentication and scan the QR code using the authenticator app on each device. You can also take a screenshot of the QR code and save it for later to scan with your other devices.

Or you can also enter the 2FA key into your authenticator app manually if you prefer. 

If you encounter any problems, please see our support article for when two-factor authentication (2FA) is not working(new window).

Two-password mode (legacy users)

Proton Mail now uses one-password mode(new window) by default, but some early adopters may still be using our legacy two-password mode authentication system. We can combine two-password mode with 2FA, but some users may find entering a login password, 2FA code, and mailbox password too cumbersome. 

In this case, we recommend switching to one-password mode with 2FA enabled.

Didn’t find what you were looking for?

Contact support