+1000

This is why I don’t use Proton as my main email: I can’t rely on an address that grants direct access to my most private data.

This is literally the fourth most highly requested feature in the accounts/payments category (if you lump requests for various different crypto into one) and yet no response from Proton. Please implement this ASAP! It can't possibly be that difficult to do so!

I'm just transitioning to Proton and I'm glad I discovered that the extra emails can be used to log in before I put them in the wild! My goal is to keep my main account email hidden, but I would much prefer being able to use my additional addresses (without the ability to use them to log in) than use random aliases. ONLY being able to log in with the primary account email seems ideal!!

+1

+1

+1

This is a huge hole/bug imo

How is this not implemented yet?! 2017!? For a platform that is supposed to be safe/sec first

Yes please! I can't imagine this would be too difficult to implement. It could be left turned off by default so it wouldn't cause problems for anyone used to logging in with the aliases but would give much peace of mind to those who like that feature on other providers like Microsoft Outlook.

@Ghost is 100% on the money. Come on Proton. You brand yourselves as "not like the other guys" but you're failing to actually distinguish yourselves that way. Actions speak louder than your somewhat-hollow branding.

I was going create this request too ! It's very important for security !
Someone with a secondary address will never be able to hack me

Currently, I’m able to log in to my Proton Mail account using any of my email addresses (I have around 10).

I would like to request the option to restrict account login so that only my default email address can be used for authentication, across all Proton services (Proton Mail, Proton Pass, etc.).

This feature would enhance account security by allowing me to keep my default email private and use the others only for communication purposes. Since no one else knows my default email, it would significantly reduce the risk of unauthorized access.

I purchased a 24-month Unlimited subscription last year around Christmas and haven’t used Proton for any of my sensitive accounts yet, specifically because of this issue.

I’m not upset about the cost, Proton’s free services helped me for years, and I’m glad to support the mission. But if any of my aliases (especially custom domain aliases) can be used as login credentials to access critical tools like Proton Drive, Proton Pass, or even my Proton-linked crypto wallet, then I can’t justify routing everything through one platform.

No matter how secure the infrastructure is, security relies on separation. If my identity, my recovery paths, and my storage are all linked to a single alias that can be guessed, brute-forced, or phished, then Proton becomes a single point of catastrophic failure.

Please consider implementing true separation between:

- Login credentials (obfuscated)

- Email aliases (public or semi-public)

- Recovery methods (private, out-of-band)

I want to trust Proton with more, but I need the system to respect that privacy includes architecture, not just encryption.

I find this feature important for security. One secret address as user name for login and few aliases to share.

Implement this!

This would be really great if it could be added.

There could simply be a toggle switch in Settings: "allow logging in with aliases".

When disabled, only the main account username would be accepted as a username for logging in -- not any of the additional created e-mail addresses.

Many users employ the tactic of not revealing their permanent master username to anyone, and only e-mailing others using additional addresses.

Everyone SHOULD have a strong password and 2FA turned on -- but it's even better if potential attackers don't even know your username on top of that!

The fact they don't have it boggles the mind. And you can only find out once you have paid because you cannot create aliases before that. I will leave my yearly subscription to not reactivate, looking for other providers ... but hopefully they come to their senses in a year.

Dear Proton,

Please implement this feature.

I work in IT for large supercomputing infrastructures, no doubt as your origins are from CERN, you are aware of how easy it should be to implement access rights management feature like this.

Perhaps it could be sufficient to just add 'Access Rights Management' and then a dropdown or checkbox for each e-mailaddress where you can choose the Permissions.

E.g. below

Username 1 or Proton E-mail alias 1 |
Allow login to Proton account?: Checkbox: Yes |
E-mail can be sent from this addres?: Checkbox: No |
Can access services other than Protonmail? Checkbox: Yes |

E-mail alias 2 |
Can login to Proton account? Checkbox: No |
E--mail can be sent from this addres? Checkbox: Yes |
Can access services other than Protonmail? Checkbox: No |

E-mail alias 3 |
Can login to Proton account?: Checkbox: No |
E--mail can be sent from this addres?: Checkbox: Yes |
Can access services other than Protonmail?: Checkbox: No |

In the above manner the primary username is used to login only, and never exposed sending an e-mail.

Furthermore, other e-mail aliases cannot login or access a different Proton service, but just send e-mail, as is their purpose. These aliases can be selected from the already existing dropdown function Protonmail has.

What does this accomplish?

- The benefit of never exposing your username externally, annihilating the first coordinate of the attack surface. If you don't even have a username to begin with, you'd have to guess/bruteforce that too.

- A neat segregation of access rights, it's not necessary to be able to login with all e-mail aliases. Some are only used to send e-mail with.

- We already trust in Proton's sturdy security practices. You don't just get an ISO 27001.
But this approach also eliminates cybersecurity mistakes that might occur from the user end, accidentally exposing an e-mail address that can login, which helps a hacker who now only has to focus on a password and 2FA vector.

What if the hacker obtained our exposed e-mail and sends phishing e-mails (we all know there are sophisticated AI spellchecked & grammatically correct phishing e-mails these days) and we accidentally click on a bad link?

If this hacker obtained our password, but not the username (because we never exposed it) he will try to login with the Proton e-mail alias we use for e-mail only, which he will never be able to login with, because of access management.

Then it all comes down to robustness of security practices in Proton's platform itself, which I trust are already top notch.

Please provide us with this feature and make the picture complete.

I find it really absurd that you can log in with aliases!! Please implement this feature asap!!!
Aliases must be handled like "hide-my-email" aliases.
Thank you very much.