Only allow login with single/main address/username
Do not allow logging into the account with every address.
If my account name is john.smith then only allow login with john.smith or john.smith@protonmail.com. Not with finance.john.smith@protonmail.com or any other address.
Ideally, you would have the choice of which address can be used to log into your account.
With the current way you have to give away your login username in order to send emails. Hiding the username from the public would be an advantage, since they would have to guess your username and the password. Not only one of them.
-
NoMoreAliasLogins
commented
You are currently able to log in to a Proton service using any of your email aliases. A user should have the option to disable account logins for anything other than their original account username.
-
Pamela
commented
I was going to create a similar request in this direction: select the Email Alias/Identities allowed to log in.
This is a feature included in outlook.com
The security benefit is obvious. You can have 1 clean email/alias/identity not shared or used anywhere for login. While the others, even if leaked are useless for login.
In my view, this is a critical one to have.
-
BackSeatDriver
commented
I think "additional addresses" that I have paid for I should be given the option where I can enable or disable the ability to login using that email address. Because you will not find out about a leak until after the leak or breach happens... There is a lag... Gives time for hackers to try to break into your account. If the additional address is not enabled to be logged in, then there is no way for them to get in. I have 2FA enabled which uses some authenticator app on my phone. But I have heard about phones being taken over. So, much harder to break in an account if they can never get into it in the first place unless they know the account email address. Besides, I do not have faith in some A.I. sentinel because it has been proven that a lot of A.I. out there has delusions.
-
Miko (mīkō) commented
Adding my support and real-world use case... Due to my info being exposed in many data breaches I have abandoned several email addresses. On my MS Outlook account I am able to disable logging in with all but one email address. This email address is dedicated to the purpose of login and is never used for sending emails. This limits the risk of the login email being exposed in data breaches. My login email address does not contain my name or any other PII. As stated already, it would be ideal if logging in could be limited to the "user name" only and/or 1 email address. Another way to say this is, I want the ability to disable use of any of my Proton email addresses for the purpose of logging into my Proton account. Hope this helps. Kind Regards, M.
-
Arnau commented
I suggest that if we have multiple addresses/aliases on our account, we should be able to choose which ones we can log in with. That would greatly improve our security and privacy. This is possible on other sites like Outlook, where you can have multiple aliases but choose only one to log in with.
Then we could have one address/alias only for login and it would never be shared with anyone or any website.
Or again, if we have aliases to register on sites that are not trusted, they could never use that address to try to log in to our account.
I think this is something very necessary and useful.
It would be as easy as in the ‘Identity and addresses’ section, where our aliases/addresses are listed, to be able to select which ones we can log in with and which ones we cannot.
I hope my suggestion will be useful for many and can be implemented.
Best regards and thank you very much.
-
Cipher
commented
Wow, you are absolutely right. They really said exactly what you mentioned in my Reddit post. I don’t really understand their perspective. Maybe they have sophisticated algorithms to prevent it, but I don’t think so. I believe their sentinel is just a logging mechanism with system and human monitoring—nothing more. It seems more like they are being overconfident to me. To me, it’s the same as 15 accounts using the same password. I regret becoming a paid user.
-
ProtonJ
commented
Please Proton Team, this should be an easy security feature to add. I hate that any of my email addresses can be used to log into my entire Proton account, I should have the ability to use an email that hasn't been exposed externally as my login, thus preventing any brute force attacks on a compromised address.
-
Davie
commented
And they’re going to tell you that it doesn’t affect security at all. That as long as you have a good password and 2FA, you’re good.
I don’t really understand, how having 15 possible logins to the same account, is not less secure than having only one.
How is having 15 chances, the same as one?
-
Cipher
commented
Hi team,
I would like to request the addition of a feature in ProtonMail that allows users to disable alias logins or restrict login access to specific aliases.
Currently, aliases can use the same password for login, which raises security concerns as it feels like having multiple back doors that could be exploited if an attacker gains access.
Implementing a way to manage alias login permissions or disabling them entirely would enhance security and align with best practices for credential management.
Thank you for considering this feature request.
-
Evil Spider commented
I'm shocked that I can login with aliases, this is really bad. We really need an option to select the login username, especially as more services are linked now. We use same account for passwords, VPN and mail
-
Essie
commented
I was surprised I could login with all my aliases.
They're aliases, not accounts, so I really wish other people couldn't (try) to login with those emails.
I don't want to use randomized email aliases for everything, so that's why I use protonmail aliases for more important things, but don't want the ability to login with those emails... hope they can add an option to turn it off and only be able to login with the account email
-
We need to share this as much as possible with the entire Proton Community. This is a very very very important and critical issue.
-
Paul
commented
This is critical. Allowing login with any of the alias emails is a serious security risk. I *never* use the primary email in order to protect the account from hacking but Proton undermines this by allowing login using other emails. Please fix this serious risk ASAP.
-
AP
commented
I'm back here reaffirming the importance of this feature to me. This feature which I use with Microsoft Account has saved me from attempted hacking / account take over attempts. I can put my "Main" email address out there without that same identifier being the login address for my account.
With data breaches happening all the time and our email information getting put out there, having a way to secure that email account by using an alternative identifier for log in is critical in maintaining account security. Please implement this feature.
-
Rob
commented
I literally just signed up for uservoice for the sole purpose of voting for this suggestion. As an Unlimited paid Proton user, I'm reluctant to use any of my other email addresses anywhere because like others have said, it increases the possibility of someone being able to hack into my account. After learning these emails can all be used to log in, I'm going to deactivate the vast majority of them (nullifying one of the big benefits to being a paid customer). Proton, please fix this... pretty please with a cherry on top!
-
Basile
commented
You could simply append your username to your password (e.g. SecurePass-john.smith). This way the attacker also needs to guess your username and password.
-
[Deleted User]
commented
At the moment when you create an alias there is no way to turn off that alias or main username as a login vector.
You should add the ability to turn off all forms of sign in Usernames/Emails but one. Of a user's choosing.
So, let a user keep his main username/email activated as a login vector and let the user turn off others that they do not want as a login.
Also if a user wants an alias to be his main login let them add it as a login and then let them have an option to turn off their main username as a login vector.
Similar to how Microsoft Outlook lets you choose to turn off any emails and phone numbers as a way to log in.
-
D
commented
This feature is of highest importance. It is the only thing I was disappointed about when switching to Proton. Please, Proton, allow us to select which usernames/email addresses can be used to log in.
-
Daniele Lurani commented
Implement the option to choose which aliases are allowed to login in the Proton ecosystem. I mean the aliases that are created with Proton Mail, not with SimpleLogin.
-
This is a critical issue. Without that, having multiple addresses is just multiplying the risks...
Please Proton team, make a rule or a setting to only allow login from the "default" address selected.