Add security questions
You can add security questions on resetting password - after clicking link sent to recovery email, before you can enter new password, you should answer two (or three) security questions.
This will be additional security for resetting password.
At this point, security questions have been shown to not be an effective way to validate a users identity. At this time the recovery email address is our sole means of identifying users ownership of an account.
I despise and don't trust security Qs.
If they must be added, let the user create the both the Q and A.
Scott Scoville commented
I generate my own highly-secure passwords. Anyone who is too lazy to do this should accept the consequences and have the low security they bought. Security Questions - bah! Make sure you don't make them mandatory. In coming to proton, I wanted to get away from the encumbering motherhood and nonsense prevalent at google and microsoft. If it creeps in here, I am gone.
But NOT email OR question, but EMAIL AND QUESTION (you have to pass two verifications to gain access).
I think the current setup is safer (without an email recovery option). Users need to remember their passwords and or encrypt backups in safe locations
David Burry commented
Depending on how implemented, this can, in fact, seriously lower security... see:
Greg, yes but currently access to the recovery email = access to protonmail account and I suggest to add security questions AFTER entering code sent to security email.
"Security questions" weaken the overall security of the account as any research into successful attacks will reveal. Protonmail, please do not mandate the use of these. They really are bad practice.
Frankly, people should be using a password manager and backing up said password manager. If you cannot take responsibility for this, you're probably better off using a more generic email address like gmail or hotmail, which use poor security practices (i.e., being able to "reset" forgotten passwords).