Two-factor authentication (2FA)


Two-factor authentication (2FA) provides an additional layer of security for your Proton Account. One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details. 

Two-factor authentication (2FA) helps prove your identity using something else. This can be something you have, such as your phone or a security key, or something you are, using your faceprint or fingerprint.

Only if both factors are present can your account be accessed. 

Proton supports two different types of 2FA. You can use:

This support article explains how to secure your Proton Account with 2FA using an authenticator app on your smartphone. To use a security key, see:

How to use a 2FA security key to protect your Proton account 


Note that to use a security key, you must first set up 2FA using an authenticator app, as described below.

2FA using authenticator apps

An authenticator app running on a smartphone generates six-digit time-based one-time passwords (TOTPs) that you can use to sign in to your Proton Account. These prove that you are in physical possession of a phone registered to your Proton Account.

This means that even if an attacker somehow steals your password, they still cannot get into your account without access to your mobile phone. 

To use 2FA, you must first install an authenticator app on your mobile phone and have access to your phone while logging in to your account. There are many authenticator apps to choose from. Below are a few options, but this is by no means a definitive list:

Android

iOS and iPadOS

How to set up 2FA using an authenticator app

1. Log in to your Proton Account at account.proton.me and click Settings → Go to settings → Account and password → Passwords → Two-factor authentication and toggle the TOTP switch on.

This will bring up an information panel. Click Next when you’re ready to start. 

2. You will now see a QR code. Open the authenticator app on your mobile device, select the option to scan a QR code, and point your device’s camera at it. Note: do not scan the demo image shown below. Scan the image shown in your account settings.


If you prefer, you can enter the 2FA key into your authenticator app manually by clicking on the link Enter key manually instead shown above.

Once you have successfully added your Proton Mail account to your authenticator app, click Next.

3. Enter your Proton Account password and the 6-digit time-sensitive code provided by your authenticator app. Click Submit when you’re done.


4. Proton Mail will now provide you with several one-time-use recovery codes. Please save these codes in a secure place and do not lose them.

If you ever misplace or lose your authentication device (mobile phone, etc.), these codes provide the only way to log in to your account. If you lose your device, you can enter these codes instead of the 6-digit code provided by your authenticator app. Each code can only be used once, so save all the codes.


Please note that resetting your Proton Account password will automatically disable 2FA. In this case, you will need to manually enable it again: click Settings → Go to settings → Account and password → Passwords and switch on Two-factor authentication.

How to use 2FA with multiple devices

If you wish to receive your 6-digit authentication codes on multiple devices — for example, your phone and your tablet — you must have an authenticator app installed on each device.

If you have already enabled two-factor authentication, you will need to disable it first.

1. Go to Settings → Go to settings → Account and password → Two-factor authentication and toggle the TOTP switch off.

2. Toggle the Two-factor authentication switch on and scan the QR code using the authenticator app on each device. You can also take a screenshot of the QR code and save it for later to scan with your other devices.

You can also enter the 2FA key into your authenticator app manually if you prefer.

If you encounter any problems, please see our support article for when two-factor authentication (2FA) is not working.

Two-password mode (legacy users)

Proton Mail now uses one-password mode by default, but some early adopters may still be using our legacy two-password mode authentication system. We can combine two-password mode with 2FA, but some users may find entering a login password, 2FA code, and mailbox password too cumbersome.

In this case, we recommend switching to one-password mode with 2FA enabled.
