Only allow login with single/main address/username
Do not allow that you can log into the account with every address.
If my account name is john.smith then only allow login with john.smith or john.smith@protonmail.com. Not with finance.john.smith@protonmail.com or any other address.
Perfect would be if you would have the choice what address can be used in order to log into your account.
With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.
-
Yan b commented
For those who can create multiple addresses... This is being able to select the email address or username with which you want to log in on your protonmail account. Thus, if you cannot log into your protonmail account with the addresses used for account creation on other websites (potentially made public) but you must log in with the "secret" email address that you have chosen or the username, the security of your protonmail account will be greatly improved. If I do not make a mistake and if I did not miss such an option, at this time it will not only be necessary to discover the code but also the email address or the username to access your account .
-
Lars commented
I was just about to suggest this! +1
-
Libiev commented
Yup, I can even login with my domain address. That's no good. You can say 2FA is there but why even give attackers a chance to begin with. You can take outlook as an example. If you go to account info > sign in preferences > you can uncheck aliases, you don't want to login with.
-
J commented
I was going to suggest this myself. I just discovered, to my dismay, that *any* of my addresses can be used for login! I had designated one additional address to be "public facing" so that I could share that address freely on the web, without revealing the username for *all* my ProtonMail services... Turns out that is not how things work.
Enable/disable would be an excellent addition. Given a choice, I would only use my original username for login - and that's it.
-
Lukas commented
As a 'ProtonMail Plus' user, I have 5 e-mail addresses that are linked to my personal '@domain.com' plus, the '@protonmail.com' one. I'm only using my '@domain.com' addresses so no one really knows my '@protonmail.com' address. I think it might be interesting to be able to activate or deactivate the login with the addresses we want, so that, in my situation, I can only connect to my account with my '@protonmail.com' address.
-
Peter commented
In order to prevent others from knowing my login username to my protonmail account, , it woul be very helpful if one could disable or enable the use of additional email addresses as user login name. Currently I can login into protonmail with all my email addresses. But I would like to choose which adress I exclusivley use for login into my account. For this it would be very helpful, if I could enable or disable for every email adress the login option. This would enhance account security drastically because "regulary" used email addresses to not reveal the username of the account.
-
Anonymous commented
Good point, I am transferring my votes.
-
rxub commented
kind of duplicate of https://protonmail.uservoice.com/forums/284483-feedback/suggestions/10641012-allow-login-username-to-be-different-from-email-an
I would suggest to people to also vote the one with most votes.
-
Anonymous commented
Agree!
All other providers make this distinction by default between main address (= account login) and alias addresses. It is a security feature (more precisely, not making this distinction is a security flaw).
-
Joe Q commented
Username should not be an email address.
This added security could be a paid account feature.
-
Matthew Malek commented
I agree on the part of this assuming we were to be able to change which email was the main address after we purchase the package.
-
Flo commented
That's a good idea, I asked last year Proton Mail if they have planned to implement this option but so far, no news :/
-
Jeff commented
I'd love to have this. I give out my aliased email to people I know, but I'd like the ability to keep that one from being able to login to the account. That also makes it so if there's a data breach, on say Equifax, where it exposes my email and password, then the hackers can't then try using that on Proton to gain access to my email and some 2FA options.
-
iCoExist commented
I have a lot of different emails, some under my domain and others just under pm.me.
It would be beneficial to allow login to a specific email address, for instance if I use one for work, I can simply login to this email on my work device and have all the email only associated with that account at my fingertips. I realize you can filter out emails based on who they're sent to, however this is just a tedious step in my opinion.
If this is too difficult to implement, I would also suggest perhaps a dropdown or option when logging into a protonmail account to select a specific address to view mail for. Right now, viewing all my email in one box is a bit overwhelming.
-
Anonymous commented
@ProtonmailTeam someone should care a bit about curating the feature request lists. This idea has several duplicates:
-
Gordon Runkle commented
Having login credentials that are private and not the same as our email address removes an entire attack face from play and should be a top priority.
-
Boris commented
I agree with the original poster too!
Having a different login instead of the email you are using (who is public) is not obscurity but it's another 2FA much more convenient and simple to use than the one protonmail provides now.
I'm considering more than publishing your login in the public domain is a security issue!
It potentially exposes you to a bot attack.
Having 5 email aliases means potentially having 5 public logins published for the same account.And having this feature + the 2FA from protonmail will be 3FA!
This feature is definitely missing for me!
-
John Smith commented
security by obscurity
nah -
UVP commented
This is a great idea. A user could use their primary id for logging in ONLY, and use aliases to communicate. This prevents the login id from being exposed.
-
The punisher commented
Rafficer u need to chill and quit trying to hook up with my wife you know Cindy is married, and why are you two sharing ideas just how well do you know my wife mother fucker