Only allow login with single/main address/username
Do not allow that you can log into the account with every address.
Perfect would be if you would have the choice what address can be used in order to log into your account.
With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.
Professor Tor Coolguy commented
This seems like a terrible oversight on the part of Proton. I really want to get a paid account, but just like that other encrypted email service that begins with a T, I can't get behind my secure, DeGoogled email and productivity suite being LESS SECURE than the snoopy one I'm trying to leave behind.
Was looking to get a Proton Mail subscription and ditch Office 365 Personal. This thing right here is a deal breaker for me. It's such an amazing feature that I used a lot in Outlook. I never give out my login address so a hacker would have to guess my login address on top of my password/2fa.
Will stick with Office 365 until this is implemented, if ever.
David Garcia commented
Personally, I don't see any problem with allowing logins through any of the addresses. Especially if you have enabled 2FA and Sentinel. I prefer to keep the service as is rather than drop an existing feature that might be used by many other users, even if you are not aware of it.
I was in the process of switching to Proton mail completely, but then, as many others, learned that I can log in using any of my aliases. This is absurd, and makes me immediately roll back my switch to Proton mail.
This would simply make my setup LESS SECURE instead of more secure, handing out more chances of attempting to compromise my proton account!
Having several email addresses registered, I would like it if one could select just one of the addresses/usernames to serve as the only log-in address/name. Currently, all addresses can be used to log in, while it is not possible to set one address as the unique sign-in name. Using only one sign-in name would increase security, as one could choose a name different from the email address that one usually uses.
Mau Z commented
This is honestly so bad! If i have 10 aliasses then the chance of someone attemting an attack is literally 10 times as high!
I was debating what mail service to switch to and ended up moving to Proton. After paying for Mail Plus and experimenting with aliases I noticed that I could sign in with any aliase I made. This gives account owners one less line of security for their accounts.
Outlook offers this a togglable feature and with iCloud mail you can only sign in using your mail iCloud email. How come these free services offer better account security when it comes to handling aliases but Proton who shouts about security and privacy but doesnt support this baffels me.
Katarzyna Ferreira commented
I feel this is crazy that it's not an option, we create aliases to keep our email private. Especially now when I use the same login to get into proton pass and drive, I think this is really critical and urgent. Please consider this.
I didn't realize login was allowed with aliases until I saw this suggestion. This is scary. I don't see any benefit to the user to be able to login with say 5 different email addresses for the same account. If they are the real account owner, they should have no issue securely storing the credentials for the main/login account (whether this is the original one, or something chosen as others have suggested). Allowing login from any alias just increases the likelihood of an unauthorized party gaining access.
I propose this feature to increase the security of the account.
So, right now, if an account owner connects his domain to Proton and creates several additional email addresses, each of these addresses can be used to log in to the owner's account.
I propose to introduce the ability to prohibit login using certain emails.
For example, when creating an account with Proton, the account looks like this: firstname.lastname@example.org
John can use each of the three addresses to log into his account.
A new feature is proposed to make it so that John can deny logging in to his account from e.g. email@example.com. Or all of them, except for any one, so that John won't block himself.
Any email that I have floating out there on the internet, I do not want to be able to have that used to log into my account. I would love to be able to choose which email address supports logging in.
This would be an awsome feature. Would also add a lot of security.
This! Being able to select which username or email address used to log in would be a beneficial security feature. Please implement this!
This is a very important and critical security feature to my setup. It is also a highly requested feature judging by the number of votes. Please review this and plan on adding it. As other have mentioned Outlook already offers this feature so it seems doable.
This is a feature I use wtih my Outlook account. I was brute forced with my email address that was compromised by a 3rd party data breach. Thankfully 2FA stopped them but after the attempt I looking into their security features and was able to disable login capabilities from the account that they were using.
Being able to deselect aliases used for login attempts would enhance security by minimizing attack surfaces. Please prioritize this feature.
A basic privacy and security thing to do would be to not give away any login credential information to anyone...
But of course if everytime we send an email (main address or not) we also send half of our login credential to the recipients, then something have failed in the whole idea to create a private and secure service!
Please implement this feature!
Reading some of the posts below that don't think this is valuable, from experience, it worked for my account. I had an account that was consistently attempted to be logged in from hackers. I disabled that alias from login and the attempts disappeared. so it does work.
For additional security, I would like to have the ability to disable all the alias email address from the ability to sign into the account. I was planning to use the primary email address as the admin address and not send or distribute email from that address. This reduces the risk of hacking accounts. ideally, allow the user to allow login from the username only.
Outlook.com has a similar feature.
Aaron Smith commented
I have reported that the most important thing is working