Recovery phrases shouldn't be instant access – A safer alternative: recovery phrase + delayed access
First of all, I don’t see the real value of the current recovery phrase. If someone securely stores their master password and TOTP seed, those already provide full access to the account – just like a recovery phrase does. So what’s the actual benefit of having a separate recovery phrase in this setup?
Sure, I understand that a recovery phrase that bypasses 2FA is more convenient, but from a security standpoint, it's essentially the same as handing over full access – there's no meaningful distinction.
In practical terms, both a recovery phrase and a written-down master password + TOTP seed effectively reduce account security to single-factor access (1FA). Anyone in possession of either of those combinations can gain immediate access. That’s a significant security concern.
In my opinion, the purpose of a recovery phrase should be rethought. Instead of granting immediate access, it could initiate a delayed recovery process – say, 24 hours, 48 hours, or even a week. During that time, the account owner could be notified and given the option to deny the recovery attempt.
Basically, the security of 2FA is preserved by breaking it down into 1FA + a delayed access mechanism.
This approach would strike a better balance between usability and security. Users still have a way to regain access if they lose credentials, but it adds a critical layer of protection against abuse.
An added benefit is that it would make it safer to share the recovery phrase with a trusted person (e.g. in case of emergency or death), since they wouldn't be able to gain instant access.
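To make the proposal concrete, here is an added example (not Proton's code, and not part of the original post) of the recovery state machine described above: presenting a valid recovery phrase does not open the account; it creates a pending request, notifies the owner, and only becomes usable after the delay unless the owner denies it first. It assumes an in-memory account store, a hypothetical 48-hour window, scrypt for hashing the stored phrase, and times passed in as plain Unix seconds so the flow can be exercised offline; the sample phrases are constructed.

```python
"""Delayed-access recovery phrase: 1FA (the phrase) + a waiting period the owner can veto.

Added illustration, not Proton's implementation. The store is an in-memory dataclass
and the clock is injected (Unix seconds) so the flow is deterministic and testable.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

RECOVERY_DELAY_SECONDS = 48 * 3600  # hypothetical 48-hour window; the post suggests 24h to a week


@dataclass
class RecoveryRequest:
    request_id: str
    requested_at: float
    grant_at: float            # earliest time the phrase holder may complete recovery
    status: str = "pending"    # pending -> denied | granted


@dataclass
class Account:
    phrase_hash: bytes
    salt: bytes
    notifications: list[str] = field(default_factory=list)  # stands in for email/push to the owner
    pending: RecoveryRequest | None = None


def _hash_phrase(phrase: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so a re-typed phrase matches, then use a slow KDF
    # so the stored value is not a cheap target if the database leaks.
    normalized = " ".join(phrase.lower().split())
    return hashlib.scrypt(normalized.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def enroll(phrase: str) -> Account:
    """Store only a salted hash of the recovery phrase, never the phrase itself."""
    salt = secrets.token_bytes(16)
    return Account(phrase_hash=_hash_phrase(phrase, salt), salt=salt)


def initiate_recovery(acct: Account, phrase: str, now: float) -> RecoveryRequest | None:
    """A correct phrase opens a waiting period, not the account. Returns None on a wrong phrase."""
    if not hmac.compare_digest(_hash_phrase(phrase, acct.salt), acct.phrase_hash):
        return None
    if acct.pending is not None and acct.pending.status == "pending":
        # Re-presenting the phrase must not reset or shorten an existing window.
        return acct.pending
    req = RecoveryRequest(secrets.token_hex(8), now, now + RECOVERY_DELAY_SECONDS)
    acct.pending = req
    acct.notifications.append(
        f"recovery {req.request_id} requested at t={now:.0f}; "
        f"deny it before t={req.grant_at:.0f} or access will be granted"
    )
    return req


def deny_recovery(acct: Account, request_id: str, now: float) -> bool:
    """The owner (still holding their real credentials) vetoes a pending request."""
    req = acct.pending
    if req is None or req.request_id != request_id or req.status != "pending":
        return False
    req.status = "denied"
    acct.notifications.append(f"recovery {request_id} denied at t={now:.0f}")
    return True


def complete_recovery(acct: Account, request_id: str, now: float) -> bool:
    """Phrase holder returns after the delay; access is granted only if the owner never denied it."""
    req = acct.pending
    if req is None or req.request_id != request_id or req.status != "pending":
        return False
    if now < req.grant_at:
        return False  # still inside the window: nothing to do but wait
    req.status = "granted"
    return True


if __name__ == "__main__":
    acct = enroll("apple banana cherry")          # constructed sample phrase
    req = initiate_recovery(acct, "apple banana cherry", now=0.0)
    print("immediate access:", complete_recovery(acct, req.request_id, now=60.0))              # False
    print("after window:   ", complete_recovery(acct, req.request_id, now=RECOVERY_DELAY_SECONDS))  # True
```

The point of the design is that whoever holds the phrase (a thief, or a trusted person in the emergency-sharing case) cannot get in before the owner has had the chance to act, while the owner's normal login path is untouched. If this were productionised, the pending request would live in persistent storage and the notification would go out over a channel that does not itself depend on the locked account.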
rpaulson commented:
With the new Emergency Access feature, it's now possible to set up a recovery phrase that includes a delayed access mechanism. Proton subscribers can create a second free account (if permitted by Proton) and designate it as a trusted contact.
By securely storing the recovery phrase for this secondary account, users can ensure immediate access to this trusted account, which in turn provides delayed access to the primary account. This setup offers an additional layer of security and control for account recovery.
That said, IMO it would be ideal if this workaround weren’t necessary, and the recovery phrase itself supported delayed access directly.
rpaulson commented:
ADDITION: 1Password preserves 2FA by requiring email verification during recovery. However, this approach is far from ideal. Many users store their email credentials within the password manager itself, creating a circular dependency with no clear point of entry in case of lockout. In my view, a delayed access mechanism would be a more practical and robust solution.