Add Recovery Phrase Verification Tool (Without Resetting 2FA)
Description
Currently, ProtonMail users cannot verify whether their stored recovery phrase is correct without initiating an actual 2FA reset process. This creates uncertainty about whether users have properly saved their recovery credentials and could lead to account lockouts if the saved phrase is incorrect.
Feature Request:
Implement a dedicated "Verify Recovery Phrase" option in the security settings that allows users to:
- Input their recovery phrase to confirm it matches the one on file
- Receive immediate confirmation of whether the phrase is correct
- Do this without triggering any actual account recovery or 2FA reset
Benefits:
- Peace of mind: Users can periodically verify they have the correct recovery phrase stored
- Proactive security: Identifies issues with stored recovery phrases before an emergency occurs
- Reduced support burden: Fewer users locked out due to incorrect recovery phrases
- Better user experience: No need to go through a disruptive reset process just to test credentials
Implementation suggestion:
Add a "Verify Recovery Phrase" button in Account Settings → Security → Two-Factor Authentication section. When clicked, it opens a dialog where users can enter their phrase and receive a simple "✓ Verified - This recovery phrase is correct" or "✗ This recovery phrase does not match" message.
This feature would align with security best practices by encouraging users to regularly verify their backup access methods without compromising the integrity of their current security setup.
Privacy101 commented
Summary:
Proton should offer a privacy-respecting method for users to verify whether their recovery phrase matches their current account setup—without exposing data or compromising encryption.
Details:
Currently, users have no way to confirm if their recovery phrase is still valid after regenerating it. This creates a risk: if someone accidentally deletes the new phrase and the old one is no longer valid, the user may be locked out with no warning.
A simple verification tool in Settings → Security could allow users to input their recovery phrase and receive a confirmation (yes/no) on whether it matches their current encrypted key. This could be done locally in the browser using zero-knowledge cryptography—similar to how password managers verify master passwords without storing them.
This feature would:
• Help users avoid catastrophic lockouts
• Respect Proton’s privacy-first architecture
• Require no server-side access to user data
• Be especially useful for users who rotate recovery phrases or manage multiple devices
TL;DR:
Proton should add a secure, local-only tool to verify whether a recovery phrase is valid for the current account—without revealing or accessing any user data.