How can we improve ProtonMail?

idea to stop fishing site

Add a new functionnality where in the settings you can edit a sentence that will be stored encrypted.
It will only be decrypted and shown to you after your enter your login password but BEFORE you enter the mailbox password.
This way if the network is compromised and you end up on a protonmail fishing site, you will only have given the login password and NOT the mailbox password.
This will be especially helpfull when a tor address will be made available.

104 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • MalMal commented  · 

        The new authentication protocol (TLS-SRP) that ProtonMail quietly introduced around two months ago, protects against that threat, I believe.

      • Peter GorskiPeter Gorski commented  · 

        There are also other approaches which should be considered if you like to address Phishing threats:

        Lo Iacono, L., Viet Nguyen, H., Hirsch, T., Baiers, M. and Möller, S. (2014). UI-Dressing to Detect Phishing. Proc. 6th Int. Symposium on Cyberspace Safety and Security

      Feedback and Knowledge Base