How can we improve ProtonMail?

Only allow login with the username/main address, not with every address.

Do not allow that you can log into the account with every address.

If my account name is john.smith then only allow login with john.smith or john.smith@protonmail.com. Not with finance.john.smith@protonmail.com or any other address.

Perfect would be if you would have the choice what address can be used in order to log into your account.

With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.

581 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Rafficer shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    12 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • The punisher commented  ·   ·  Flag as inappropriate

        Rafficer u need to chill and quit trying to hook up with my wife you know Cindy is married, and why are you two sharing ideas just how well do you know my wife mother fucker

      • Shreyas Purohit commented  ·   ·  Flag as inappropriate

        I am not sure how much this helps. You have login password, then 2FA and then another mailbox password if you have it enabled. Its probably more useful to increase your password length by 5 characters than try to hide your email. Security by obscurity does not go a long way. I would rather see a feature that allows you to enter a second set of passwords that will open an virtual inbox with empty or some predefined emails which can be used in coerced situations.

      • Eric Johnson commented  ·   ·  Flag as inappropriate

        I do something like this on a company account hosted elsewhere. My primary username is a very obscure word. No email ever goes out with that username, but with the alias for the account.

        My main reason for doing this is so that if I start getting lots of spam at that address, I can set up and start using a new alias for any new e-mail and set the old alias to only accept e-mail to those specific users I expect to get e-mail from.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It would be best to separate the login ID from the email address completely. Or allow that option for people who are especially concerned about hackers.

        It would be even better if the feature is optional. Just confuse the heck out of anyone trying to hack in!

      • JP commented  ·   ·  Flag as inappropriate

        I'm with Joel. Usernames are part of your online identity and are not considered private.

      • Joel Drapper commented  ·   ·  Flag as inappropriate

        This is such a minimal advantage, it would be a waste of time to develop. Adding one more character to your password would do so much more to improve your security.

      Feedback and Knowledge Base