Right now it's basically impossible to properly change / replace the primary external (non-Proton) recovery/login email address — please make it feasible.

As of early 2026, changing the primary external email (the non-Proton address used for account recovery + alternative login) it's impossible. You have to create a new account with a new "external adress" and transfer the data from the old account. Attempt a risky manual deletion → potential lockout stress if anything goes wrong during the transition.

Actually, the core issue isn't the technical difficulty of changing the primary external (non-Proton) recovery/login email — it's the fact that Proton effectively forces users to keep their original external recovery address for life.

Many users switch main emails over time (old Gmail → new Outlook → iCloud → custom domain → etc.), and being effectively stuck with the original external recovery address for life feels outdated and user-hostile compared to almost every other major email provider.

Adding this core feature would make the process safer, intentional, and actually usable — without forcing users to stay locked to an old external address forever. "Forcing" users to keep a lifetime e-mail adress goes also against the good practices of privacy and security :

=> Violates modern security hygiene principles :
Good security practice recommends rotating all recovery methods over time — just like passwords, 2FA backup codes, recovery phone numbers, or security questions.
A recovery email that cannot be fully replaced becomes a permanent single point of failure for the entire account.

=> Creates a lifelong privacy leak :
The original recovery email (often an old Gmail, Yahoo, Hotmail, etc.) is frequently the one most connected to your real identity, past data breaches, advertising profiles, and cross-site tracking.
Being unable to remove it means you are forced to maintain a privacy-compromising link to your Proton account indefinitely — the exact opposite of what a privacy-first service should do.

=> Creates a lifelong privacy leak :
The original recovery email (often an old Gmail, Yahoo, Hotmail, etc.) is frequently the one most connected to your real identity, past data breaches, advertising profiles, and cross-site tracking.
Being unable to remove it means you are forced to maintain a privacy-compromising link to your Proton account indefinitely — the exact opposite of what a privacy-first service should do.

=> Damages trust in a privacy-focused service :
When a company that positions itself as the champion of privacy and security prevents users from following basic, widely accepted privacy & security recommendations, it undermines its own core message.

In 2026, keeping a recovery email immutable for life is not just inconvenient — it is actively harmful to both privacy and security, and stands in direct contradiction with everything Proton claims to stand for. Fixing this small but critical UX pain point would make the whole experience feel much more modern and user-respecting.

Thanks for considering this.

Any chance this could be prioritized in a future update ? 🙏

Appreciate all the great work otherwise! 🚀