"Keep me logged in" option
I really like ProtonMail and use it as my primary mailing service. But one of the most tedious things about it is having to enter the two passwords every time i want to check my e-mail.
ProtonMail keeps logging me out after a few seconds/minutes of closing its tab, so i now have to keep a tab open in order to continuously check my e-mail. Furthermore, i'm using long passwords (in conjunction with Keepass) for more security, so it's not easy to type my passwords every few minutes.
I use ProtonMail on my desktop home computer, so there's no danger from someone having physical access to that PC. There should be a Remember Me/keep me logged in option for cases like this.
I have already communicated this issue to ProtonMail support. They kindly responded that "We applied that feature for security reasons, because many users are using ProtonMail from different devices". I don't really understand what this means, since i'm proposing a system which will keep me logged in on my current desktop computer, the one i,m using right now. Even if it's only for a certain amount of time, px 30 minutes or an hour.
I really hope there's a workaround/solution in the future for this, since ProtonMail is really great and this issue could potentially become a deal-breaker for me.
Ramiro Saenz commented
Adding trusted computers to keep logged in is the key.
For now, I use Rambox (www.rambox.pro) to keep ProtonMail opened. :)
Kevin de Bie commented
It's a great safety feature, especially with the people that have a tendancy to forget to log off, but there should be some way of adding trusted computers to some whitelist I agree.
The phone app also allows you to stay logged in and that, to me, has greater implications then having such a featre on a pc.
I agree with this suggestion.
At least allow users to check a "remember me" box on their personally owned devices *as an option* *at their discretion* to bypass having to constantly re-enter their username and two passwords every time they go back to a page.
If you check the box when logging in, maybe you only need to verify the username and first password once a week, and the encryption password once every 24 hours with separate countdowns on each device you use. Better yet, make the span of time each log-in lasts user configurable.
We're talking about giving end users options, not reducing security for users who do not want the options. Those that don't want the options simply would not enable them. That's why they call them options. :)
And some people might choose to, for example, click "Remember me" and stay logged into a home computer, but choose to never check that box and never stay logged into a work or public computer.
Options are opportunities for user choice, not limitations.
Also worth noting is that if this is a service that going to take off with the general public, this is going to need to happen, essentially. Only very strong privacy advocates are going to put up with the effort of having to enter a username and both passwords every single time they check their email. What if you're waiting on an important email or check your mail frequently due to mail volume? You might click back in and check 5 times in an hour, and then you are talking 15 instance of possibly extended usernames and passwords- 3 every time you come back to the site.
In the end, this service won't work for users who like security as a feature, but don't really *need* it, if it is significantly less convenient than it's mainstream competitors. Heck, some users might be here because there are no advertisements, because it is open-source, because it's not owned by a huge corporation, or because it has a cool name. You retain none of those people if you make staying logged in a major hassle for them that takes up large quantities of their day repeatedly every day, with no way for them to streamline the process.
Just keep the tab open? Chrome and Firefox have the right-click → Pin tab feature if you don't want it taking up space.