Set up two-factor authentication (2FA) with an authenticator app

Two-factor authentication (2FA) adds an extra layer of security to your Proton Account by requiring a second form of verification in addition to your password.

This article explains how to set up 2FA with an authenticator app. But you can also set up 2FA with a physical U2F or FIDO2 security key.

Learn more: Two-factor authentication explained

---

• How it works
• Set up authenticator app 2FA
  • Add additional 2FA devices
  • Disable authenticator app 2FA
• Sign in with authenticator app 2FA
• Troubleshooting
• Lost 2FA device
• What’s an authenticator app and which one should I use?
• Which 2FA method is best for me?

---

How it works

When you enable authenticator app 2FA, you’ll need to complete two verification steps to sign in to your Proton Account:

• Step 1: Enter your username and password.
• Step 2: Enter a six-digit code from an authenticator app linked to your account.

Set up authenticator app 2FA

If you haven’t already, download an authenticator app on the device you want to use for two-factor authentication. Remember, you’ll need to have this device with you every time you sign in to Proton.

1. Sign in to account.proton.me and open your account settings (Settings ⚙️ → All settings).

2. Select Account and password from the sidebar. Scroll to Two-factor authentication and turn on the Authenticator app toggle.

(yeni pencere)

3. Enter your password to continue.
4. You should now see a QR code. Open your authenticator app and find the option to add a new account. From here, you can:

a. Pair your authenticator app using the QR code

• Use your device camera to scan the QR code shown in your Proton Account settings.
• If you want to pair multiple authenticator apps, scan the code with all of your devices now.

b. Pair your authenticator app manually

• Click Enter key manually instead and enter the details shown to your authenticator app.
• If you want to pair multiple authenticator apps, add these details to all of your apps now.

Once you’ve successfully added your Proton Mail account to your authenticator app, click Next.

5. Enter your password and the 6-digit code from your authenticator app. Click Submit when you’re done.

6. Save your recovery codes. These one-use codes will let you sign in to Proton if you lose access to your authenticator app. Make sure you store them securely.

Two-factor authentication is enabled. From now on, you’ll need to enter a six-digit code from your authenticator app every time you sign in.

Add additional 2FA devices

You can receive 2FA codes on multiple devices, or on multiple authenticator apps.

The apps need to be paired using the same QR code (or 2FA key). So if you’re already using authenticator app 2FA, you’ll need to:

1. Disable authenticator app 2FA (turn the Authenticator app switch Off).
2. Re-enable authenticator app 2FA (turn the switch back On).
3. Set up 2FA again, pairing every device you want to use with the QR code or 2FA key shown in your settings.

If you don’t have all of your devices with you now, you can take a screenshot of your QR code or 2FA key details and pair your other devices later.

Disable authenticator app 2FA

1. Sign in to account.proton.me and open your account settings (Settings ⚙️ → All settings).

2. Select Account and password from the sidebar. Scroll to Two-factor authentication and turn off the Authenticator app toggle.

3. Enter your password to confirm.

Authenticator app 2FA is now disabled. The next time you sign in, you won’t need to enter a code from your authenticator app.

Sign in to Proton with authentication app 2FA

1. Open any Proton app and sign in with your username and password.
2. Open your authenticator app and find the six-digit code for your Proton Account.
3. Enter the six-digit code and click Authenticate.

You’re now signed in.

Troubleshooting

“Incorrect login credentials” error message

This usually happens when the time and date on your 2FA device doesn’t match the device you want to sign in on.

For 2FA to work, the date and time on your devices should be exactly the same.

Make sure your devices are in sync and try again.

Check your setup

If you have synced your devices, but you are still unable to access your account, please make sure that you have followed the step-by-step instructions for enabling 2FA in this article.

Other sign-in issues

If you can’t get into your Proton Account for another reason, check out our troubleshooting guide for account sign-in issues.

Lost 2FA device

If you’ve set up authenticator app 2FA and you can’t access your 2FA device or code:

• If you also have security key 2FA enabled, you can use that instead. Just select the Security key tab at sign-in.

• If not, you’ll need to use a 2FA recovery code or another account recovery method. Learn how to recover your account if you’ve lost your 2FA device

You can pair multiple 2FA devices with Proton Account. This reduces the risk of getting locked out of your account.

What’s an authenticator app and which one should I use?

An authenticator app generates time-based one-time passwords(yeni pencere) (TOTPs) that you can use to show that it’s really you trying to sign in to an online service.

There are lots of different authenticator apps available to download on mobile and desktop, but we recommend Proton Authenticator. It’s free, end-to-end encrypted, and available on every device:

• Access your 2FA codes on mobile and desktop apps, even offline.
• Sync your 2FA codes to all your devices with end-to-end encryption.
• Enable automatic backups for peace of mind.
• Easily import from other 2FA apps, or export from Proton Authenticator.
• Protect your account with biometrics or a PIN code.

Download Proton Authenticator

Which 2FA method is best for me?

It depends on your security and privacy needs. Security key 2FA provides greater protection against cyberattacks like phishing. But using an authenticator app on your phone can be more convenient.