Please allow the users choose which email address can be used to log in, so only the primary address and/or selected aliases work. As currently every alias can sign in is a major security risk because leaked or exposed aliases widen the attack surface. Most of us use aliases only for communication, we dont need that to be used for log in.

Important feature.

By far the number one feature I want. I'm shocked it's not already a built in feature - this before all else and I'll even contribute money to a pool to move this issue up if that were an option.

Would like to be able to designate login user id so only 1 can be used.

I think it would also be nice to designate a list of aliases and rotate login Id at a specific time interval so that it is harder to guess.

Should allow a control to limit logins to only primary or selected user IDs.

Please do it now! No question!

I share the concerns expressed by other users. I have purposefully kept my main proton account email secret to limit the attack surface to my proton services. It was a little shocking to learn that logins could be attempted from any proton alias that I use. I hope this will be addressed soon.

Same issue, it's a big security issue.

+1000

This is why I don’t use Proton as my main email: I can’t rely on an address that grants direct access to my most private data.

+1

This is a huge hole/bug imo

Yes please! I can't imagine this would be too difficult to implement. It could be left turned off by default so it wouldn't cause problems for anyone used to logging in with the aliases but would give much peace of mind to those who like that feature on other providers like Microsoft Outlook.

I was going create this request too ! It's very important for security !
Someone with a secondary address will never be able to hack me

I find this feature important for security. One secret address as user name for login and few aliases to share.

What about those of us who use an alias to login to a different device?

For example: I have an alias for my laptop as my main login is used on my phone, and using rules to keep the email in their own folders.
In this case, by restricting access to aliase logins, it would mean that I'd have to either login using the same credentials on each device, or have a second account for my laptop.

Unless there's another option I'm not aware of?

I think this is similar: https://protonmail.uservoice.com/forums/284483-proton-mail/suggestions/47611028-choose-which-alias-can-log-in-to-proton

You are currently able to log in to a Proton service using any of your email aliases. A user should have the option to disable account logins for anything other than their original account username.

I was going to create a similar request in this direction: select the Email Alias/Identities allowed to log in.
This is a feature included in outlook.com
The security benefit is obvious. You can have 1 clean email/alias/identity not shared or used anywhere for login. While the others, even if leaked are useless for login.
In my view, this is a critical one to have.

I think "additional addresses" that I have paid for I should be given the option where I can enable or disable the ability to login using that email address. Because you will not find out about a leak until after the leak or breach happens... There is a lag... Gives time for hackers to try to break into your account. If the additional address is not enabled to be logged in, then there is no way for them to get in. I have 2FA enabled which uses some authenticator app on my phone. But i have heard about phones being taken over. So, much harder to break in an account if they can never get into it in the first place unless they know the account email address. Besides, I do not have faith in some A.I. sential because it has been proven that a lot of A.I. out there has delusions.

Wow, you are absolutely right. They really said exactly what you mentioned in my Reddit post. I don’t really understand their perspective. Maybe they have sophisticated algorithms to prevent it, but I don’t think so. I believe their sentinel is just a logging mechanism with system and human monitoring—nothing more. It seems more like they are being overconfident to me. To me, it’s the same as 15 accounts using the same password. I regret becoming a paid user.