Skip to content

How can we improve our accounts settings, payments or plans?

← Accounts & payments

Add security questions

You can add security questions on resetting password - after clicking link sent to recovery email, before you can enter new password, you should answer two (or three) security questions.

This will be additional security for resetting password.

153 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Tester shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Under review  ·  AdminThe Proton Team (Privacy Protector, Proton) responded  · 

At this point, security questions have been shown to not be an effective way to validate a users identity. At this time the recovery email address is our sole means of identifying users ownership of an account.

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • bE commented  ·   ·  Report

    I despise and don't trust security Qs.

    If they must be added, let the user create the both the Q and A.

  • Scott Scoville commented  ·   ·  Report

    I generate my own highly-secure passwords. Anyone who is too lazy to do this should accept the consequences and have the low security they bought. Security Questions - bah! Make sure you don't make them mandatory. In coming to proton, I wanted to get away from the encumbering motherhood and nonsense prevalent at google and microsoft. If it creeps in here, I am gone.

  • Anonymous commented  ·   ·  Report

    But NOT email OR question, but EMAIL AND QUESTION (you have to pass two verifications to gain access).

  • Seth commented  ·   ·  Report

    I think the current setup is safer (without an email recovery option). Users need to remember their passwords and or encrypt backups in safe locations

  • Tester commented  ·   ·  Report

    Greg, yes but currently access to the recovery email = access to protonmail account and I suggest to add security questions AFTER entering code sent to security email.

  • Greg commented  ·   ·  Report

    "Security questions" weaken the overall security of the account as any research into successful attacks will reveal. Protonmail, please do not mandate the use of these. They really are bad practice.

    Frankly, people should be using a password manager and backing up said password manager. If you cannot take responsibility for this, you're probably better off using a more generic email address like gmail or hotmail, which use poor security practices (i.e., being able to "reset" forgotten passwords).

Accounts & payments: Accounts

Categories

Feedback and Knowledge Base

(thinking…)