Only allow login with the username/main address, not with every address.
Do not allow that you can log into the account with every address.
If my account name is john.smith then only allow login with john.smith or john.smith@protonmail.com. Not with finance.john.smith@protonmail.com or any other address.
Perfect would be if you would have the choice what address can be used in order to log into your account.
With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.

-
eggsbenedict commented
This! Being able to select which username or email address used to log in would be a beneficial security feature. Please implement this!
-
Andy commented
This is a very important and critical security feature to my setup. It is also a highly requested feature judging by the number of votes. Please review this and plan on adding it. As other have mentioned Outlook already offers this feature so it seems doable.
-
AP commented
This is a feature I use wtih my Outlook account. I was brute forced with my email address that was compromised by a 3rd party data breach. Thankfully 2FA stopped them but after the attempt I looking into their security features and was able to disable login capabilities from the account that they were using.
Being able to deselect aliases used for login attempts would enhance security by minimizing attack surfaces. Please prioritize this feature.
-
Tillmann commented
Please implement this feature!
-
CG commented
Reading some of the posts below that don't think this is valuable, from experience, it worked for my account. I had an account that was consistently attempted to be logged in from hackers. I disabled that alias from login and the attempts disappeared. so it does work.
-
CG commented
For additional security, I would like to have the ability to disable all the alias email address from the ability to sign into the account. I was planning to use the primary email address as the admin address and not send or distribute email from that address. This reduces the risk of hacking accounts. ideally, allow the user to allow login from the username only.
Outlook.com has a similar feature.
-
Aaron Smith commented
I have reported that the most important thing is working
-
Libiev commented
Yup, I can even login with my domain address. That's no good. You can say 2FA is there but why even give attackers a chance to begin with. You can take outlook as an example. If you go to account info > sign in preferences > you can uncheck aliases, you don't want to login with.
-
Joe Q commented
Username should not be an email address.
This added security could be a paid account feature.
-
Matthew Malek commented
I agree on the part of this assuming we were to be able to change which email was the main address after we purchase the package.
-
Anonymous commented
@ProtonmailTeam someone should care a bit about curating the feature request lists. This idea has several duplicates:
-
Gordon Runkle commented
Having login credentials that are private and not the same as our email address removes an entire attack face from play and should be a top priority.
-
Boris commented
I agree with the original poster too!
Having a different login instead of the email you are using (who is public) is not obscurity but it's another 2FA much more convenient and simple to use than the one protonmail provides now.
I'm considering more than publishing your login in the public domain is a security issue!
It potentially exposes you to a bot attack.
Having 5 email aliases means potentially having 5 public logins published for the same account.And having this feature + the 2FA from protonmail will be 3FA!
This feature is definitely missing for me!
-
John Smith commented
security by obscurity
nah -
The punisher commented
Rafficer u need to chill and quit trying to hook up with my wife you know Cindy is married, and why are you two sharing ideas just how well do you know my wife mother fucker
-
Shreyas Purohit commented
I am not sure how much this helps. You have login password, then 2FA and then another mailbox password if you have it enabled. Its probably more useful to increase your password length by 5 characters than try to hide your email. Security by obscurity does not go a long way. I would rather see a feature that allows you to enter a second set of passwords that will open an virtual inbox with empty or some predefined emails which can be used in coerced situations.
-
ProtonmailComments commented
Agree with the original poster: I'd like to see logins restricted to one's main email address, or to a username
-
Anonymous commented
Username should not be your email.. Look to what fencemail have done..
-
Eric Johnson commented
I do something like this on a company account hosted elsewhere. My primary username is a very obscure word. No email ever goes out with that username, but with the alias for the account.
My main reason for doing this is so that if I start getting lots of spam at that address, I can set up and start using a new alias for any new e-mail and set the old alias to only accept e-mail to those specific users I expect to get e-mail from.
-
BoC commented
Agree with Joel Drapper