It would indeed completely make sense from a security standpoint to be able to restrict e-mail addresses that can be used to log in with in Proton to just one (which you then don't share with anyone and you just use other e-mail addresses for all e-mail communication instead).

Considering the account security nature of this feature request, I've marked this feature request as critical for me.

Yes please! There's a similar thread under the account section too that has gone unanswered by Proton since 2017. If any Proton employee reads this post, can you please ask a supervisor to look into it and at least respond whether or not there's some technical limitation preventing Proton from implementing this despite Outlook being able to?

The easiest thing to communicate is SAME FOR ME. Looking over all the postings for this request i see:
1. this has been going on a long time
2. Proton has provided no feedback on this forum (like, we hear you...here is our plan...or these are our concerns)
3. Many other mainstream email systems support this (and no feedback from Proton like...this is why we are worried about the implementation from this security perspective)

hmmmm.

I would also like to voice the importance of this feature for securing an account. Additional addresses should be just that - for sending and receiving email, someone who digs up your mx records or knows where you mail from shouldn't have half (or a third with 2FA) of the login information they need right away. Sure there could be an option for enabling or disabling login by alias but having them all function by default does feel like a downgrade.

I understand it may be a large undertaking, but it would be a huge step to keep moving in the right direction in terms of privacy and security.

Overall I'm very happy with my move to Proton from Gsuite, but it could always be better!

I commented on this and labeled critical long ago. As I see more and more comments and no acknowledgement from DEV, I believe it’s due to how foundational this issue is as it relates to codebase and how obvious it is that it should be a feature/fix (I work in software dev). Fixing this would be a huge effort and acknowledging this opens up a self-proclaimed weakness and negates one of the benefits of paying (aliases that are assumed to not be an attack vector). As soon as it’s acknowledged then it enters the backlog and clock starts ticking but, again, if this is an epic lift then they might not want this monster in backlog especially when they have to admit that the current state is not ideal from security standpoint. My hope is they are aware of the concern and low-key working on this. Keep losing hope as more and more time passes though.

I don't get the point of having aliases if one can log in with each of them. I thought the whole point was that your main e-mailadress is safe.,

Critical! Was considering upgrading to get more addresses, but won’t after I became aware that they can all be used to log in.

Proton, please implement this immediately. You're increasing the attack surface exponentially for EACH user - thus increasing the RISK exponentially for each user. There's no reason that each alias should allow login permissions; this ought to be a technically easy fix. Please, do this ASAP, to protect your users AND your reputation!

I was under the guise *only* the default email address could be used to log into my account.
Reading this post and the comments on it (and trying it for myself, as well) I'm able to log into my proton account from *any* email address on my proton account.
This is a significant issue.

(I would also like to thank you folks who mentioned logging in via an alias whose only use is logging in. I've never thought of it myself, but it is a wonderful idea.)

+1

Very important option, I hope it will come soon ! The number of votes increases considerably if you merge this suggestion with that one : https://protonmail.uservoice.com/forums/935538-accounts-payments/suggestions/31027744-only-allow-login-with-single-main-address-username

I love this idea, the ability to have one of the emails you created with proton to be able to choose which ones you can log into your email with and which ones you can't. So you could have an email you created that you share with no one that you can log into and all other emails you could choose to have them not be able to be signed into, in the event an email is compromised, someone wouldn't be able to log in to your account which would be great.

This is crucial, do as outlook asap!

Proton, why don’t you understand how significant this is? Why have you not put it on your road map? Why have you not fixed it? Or are you using outlook for your own email?

Huge issue for me, it's quite ridiculous that when I send an email I expose a part of my credentials to the world.

I would really like to keep my primary account name hidden and make it the only one that can be used to log in, eliminating the presence of addresses directing to my account in the wild. And, I prefer to use my extra addresses with Plus rather than random aliases!

+1

One would expected this feature to be there. Adding an option to choose which aliases can be used to log in (just make sure that one has to remain active) is logical approach. Dear Proton team - please make it real ;)

This is the reason I changed to proton (just after that I realized this option wasn't available). For me it was obvious, if I can create aliases, I can't login with them, just with my main account.

Yes, if someone knows that I use Proton (by looking at MX record on DNS for example) then it's super easy to guess my Proton's login email address / username based on my real name.

2FA and unique, complex and long password is the key, yeah. But, I would feel a lot safer knowing that no one is even trying to log into my account. Disabling login from all aliases except a single one that I never use anywhere would feel awesome. Like some other users said, Outlook and multiple other mail services are already doing it, so it would feel great to have it here too!