2FA via secondary email
Enabling the option to use email addresses as a second factor of authentication:
Functionality: ProtonMail could implement a feature that allows users to register an additional email address as a second factor of authentication. This email address could be different from the primary one associated with the account.
Configuration: In the security settings, users could add a secondary email address. This address would only be used as a second factor on new or unrecognized devices.
Email Verification: When a user logs in from a new device, ProtonMail could send a verification code to the secondary email address. The user would need to enter this code to complete the login process.
Introduction of Trusted Devices:
When a user logs in with their primary password, ProtonMail will send an alert to the trusted devices associated with the account. These trusted devices can be previously authorized mobile phones, computers, or tablets.
The user must approve the login request on one of the trusted devices before proceeding.
Second Factor Code Request:
After approval, a form or button will appear to request the second-factor security code. The user will enter the verification code (which can be sent via SMS, generated by an authentication app, or sent to a secondary email address, as mentioned earlier).
Benefits:
This modification provides a dual layer of security:
The primary password serves as the first factor.
Approval from a trusted device serves as the second factor.
Users will be notified of any suspicious activity through notifications on their trusted devices.
Optionality and Education:
This feature should be optional. Users can choose to enable it or maintain their current settings.
ProtonMail should educate users about the importance of this feature and guide them on configuring their trusted devices.
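
The email verification step proposed above, sketched as an added example; it is not part of the original post and is not Proton's code. The class name, the 6-digit code, the 10-minute lifetime, the 5-attempt limit and the server key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600                 # assumed code lifetime (10 minutes)
MAX_ATTEMPTS = 5                       # assumed guess limit per challenge
SERVER_KEY = secrets.token_bytes(32)   # constructed; a real service would load a managed secret


class EmailCodeChallenge:
    """One pending login from a new or unrecognized device (hypothetical name)."""

    def __init__(self, now=None):
        now = time.time() if now is None else now
        self.expires_at = now + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False
        self._tag = None

    def _mac(self, code):
        # Keyed MAC, so a leaked challenge table cannot be brute-forced
        # over the 10^6 code space without the server key.
        return hmac.new(SERVER_KEY, code.encode(), hashlib.sha256).digest()

    def issue(self):
        """Return the code to send to the secondary address; only its MAC is stored."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, zero-padded
        self._tag = self._mac(code)
        return code

    def verify(self, submitted, now=None):
        """True only for the right code, before expiry, once, within the attempt limit."""
        now = time.time() if now is None else now
        if self._tag is None or self.used or now > self.expires_at:
            return False
        if self.attempts_left <= 0:
            return False
        self.attempts_left -= 1                    # count every guess, right or wrong
        ok = hmac.compare_digest(self._tag, self._mac(submitted))
        if ok:
            self.used = True                       # single use: a replayed code is rejected
        return ok
```

With only a million possible codes, the attempt limit and the expiry carry most of the protection, so both are checked before the comparison.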