Accounts & payments
84 results found
-
Only allow login with single/main address/username
Do not allow that you can log into the account with every address.
If my account name is john.smith then only allow login with john.smith or john.smith@protonmail.com. Not with finance.john.smith@protonmail.com or any other address.
Perfect would be if you would have the choice what address can be used in order to log into your account.
With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.
484 votes -
Duo 2FA
I would like the ability to use push notifications as my 2FA. It is a no brainier as this would also allow for yubikeys. It would also allow enterprise to better keep track and make use of this service. Lastpass supports it fully and it is fantastic. I go to log in and if I did not set it to allow this device for 30 days I click accept on the notification on my phone. Much easier and more convinient than putting a pin in every time I log in. With you lacking support with bridge this is the only…
22 votes -
Add recovery phone number instead of email
...since the only one email is in use and can not to add any other recover email.
Otherwise users have to register another email on different or in your service and making email names busy but unused (used for recovery purpose only).
And somewhere in future after some period 3-6 months recovery email can be deleted and user can not to recover main email address password. So users have to remember sign in into that recovery email on constant basis. But if there will be 1-2 months delay to sign in into recovery email user can forget his password from…27 votes -
Delete un-used email addresses.
I have email addresses from a deleted domain. I can't delete the email addresses until I first remove all messages from each email address. The problem is I can't get into them in order to delete any messages.
Would you please make it easier to delete old addresses.
Many thanks for the great email service.
30 votes -
SMS 2FA
I understand this wouldn't be the choice for the most privacy-seeking users, but when one doesn't own a smartphone, the good old code sent through SMS for 2FA would be a great feature!
Best regards,
53 votes -
Recycle temporarily used/delete usernames
Recycle usernames that were only used for a short period before being deleted.
On a lot of websites common usernames are used up by people who sign up to try the service out and just delete the account.
Please consider making these usernames available once again.
92 votes -
Choose which identity to keep when downgrading
Please add the feature to allow paid users to decide which identity they get to keep if they return to the free plan.
I signed up with a protonmail.ch address but found myself mostly giving people my protonmail.com address. I want to go back to a free plan now but not being able to change my primary identity to the .com address is a problem.
77 votes -
Temporarily store 2-step verification
As it’s already (welcome) extra work to enter two passwords, could 2-step verification be implemented so that known devices would only need to be verified again every 30 days or so?
At the moment, with 2-step verification enabled, even a page reload triggers triple authentication, which makes the added security a poor experience.
256 votes -
Visionary Multi-User Support
Instead of creating new Member within the Organisation, let us "add" People that already have an Protonmail Account to our Organisation.
The benefit of that is, the Member will keep it's own Account even after he leaves the Organisation and the Admin/Visionary User just have to allocate the Addresses and Storage!
Simply said: The Admin Creates the Organisation and Add Member with their existing Protonmail Address. If the Member is on a Free Plan, he will get the benefit from the Visionary User.
When the Member leaves the Organisation, he will then fall back to the Free Plan.41 votes -
Reduce 2FA frequency
Having to grab my phone and get a code from Authy every time I want to check my mail is a major PITA. Google only asks for your second-factor authentication
A) every 30 days or
B) when you use a new app to login or
C) when you use a new machine to loginB and C are obviously required. Now, Google's 30-day period before reauthenticating might be too long, but I think users should be able to select how often then want to be required to provide a second-factor code. Allow users to require 2FA every time if they…
22 votes -
Delete (unlink) aliases from ProtonMail account
To protect ProtonMail user privacy and anonymity, we need an option to permanently unlink (delete) aliases from ProtonMail accounts.
Address counter can stay incremented, but the deleted identity (alias) should not be linked to the main account any more. Unlinked e-mail address should stay permanently disabled to prevent address recycling.
A 7, 14 or 30 day deletion waiting time can be implemented to prevent spammers from abusing ProtonMail aliases.
89 votes -
Wrong password limit
I suggest to add incorrect password limits.
a) For IP - eg. 5 incorrect passwords in 20 minuts from one IP will block logging in to ANY account from that IP for eg. 30 minutes.
b) For account (configurable in account settings) - X incorrect passwords in Y minutes/hours will block logging in from ANY IP not added to whitelist (in account settings) for Z minutes/hours and send notification to recovery email.c) After successful login show warning if there were any login attemps (invalid password).
108 votes -
Change Username
Right now if I sign up as username@protonmail.com, there's no way to change it, for instance to user.name@protonmail.com. Even though u.serna.me@protonmail.com and use.rname+change@protonmail.com already goes to username@protonmail.com.
Seems like we should be able to change this if we like!
14 votes -
SSO support
Allow employees to login using central user repository such as AD or OneLogin, typically using SAML.
12 votes -
Add security questions
You can add security questions on resetting password - after clicking link sent to recovery email, before you can enter new password, you should answer two (or three) security questions.
This will be additional security for resetting password.
71 votesAt this point, security questions have been shown to not be an effective way to validate a users identity. At this time the recovery email address is our sole means of identifying users ownership of an account.
-
Allow login username to be different from email and aliases
You can effectively make your login username a barrier from even giving hackers a starting point to get into your account. Since with this feature they would need to know your username first. This should squash any determine hacker and allow great protection to long term protonmail accounts for years to come. Thoughts of "working on hacking this account may take time" is diminished wouldnt ya say?
157 votes -
Put a country flag in security log entries
The security log fails to give the user a clear idea of who logged in. Just by the time and some ip adress it's difficult to distinguish me from a hacker.
Therefore, I propose there is a country flag in the security log entries. This way I can just take a quick look at the logs and if somehow someone in say cuba, china, russia whatever logged in, I know for sure that wasn't me.
Now obviously a hacker would use Tor or some other form of proxy but that proxy would still most likely be located in some other…60 votes -
Remove the .ch domain
All accounts ProtonMail bring by default the domain .ch and .com
We don't all live in Switzerland
So we don't want to have there the domain .ch
114 votes -
Import private keys
So we use multiple keys on one account. Eg. to continue using an old key from a previous email account with your new ProtonMail account.
58 votesWe will be adding full key management in the future.
-
Duress Password that wipes emails
A password which can be entered in times of coercion to reveal the mailbox password. When used a security mechanism (eg. wiping the mailbox) can be employed
281 votes
- Don't see your idea?