Skip to content

How can we improve our accounts settings, payments or plans?

← Accounts & payments

Duress Password

A password which can be entered in times of coercion to reveal the mailbox password. When used a security mechanism (eg. wiping the mailbox) can be employed

344 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Tristan shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Report

    I was about to make a suggestion like this but I'm glad someone else thought of it.

    This is what I was going to post:

    -------------------
    Device-specific alias visibility

    The ability to toggle visibility of an account's various aliases (and thus the existence of e-mails associated with those aliases) based on either what device you're logged into, or in the case of Android/IOS, what PIN you unlock the app with. The "duress PIN" approach for mobile devices might be easier to implement.

    This would be useful for journalists, attorneys, political activists, etc in places where the state of being on the wrong side of the mood of a corrupt authority figure who can coerce an unlock would put their confidential contacts and other sensitive information at risk.

  • LUH3417 commented  ·   ·  Report

    This a great idea. To have a separate password display a previously organized secondary inbox, with trivial emails.

    But, since this feature would be of most value in third world countries, who suppress freedom of expression, such as China, Russia, Turkey, etc., please offer it to free accounts also, not just paid accounts.

  • user6160 commented  ·   ·  Report

    A great and essential feature. While I don't know that I require this function now or in the near future the same is not true for others.

    For many, many people in all parts of the world this feature could literally save a life or allow a person to avoid an indefinitely long stay in a 'labor camp' managed by the Supreme Leader. Use cases are abundant and documented.

    This is an essential feature that would seem to be at least somewhat related to Protonmail's reason for existence.

  • Anonymous commented  ·   ·  Report

    Great idea. I think when the security password is entered perhaps there should be a dancing meme of Christmas elves. That should be interesting!

  • Anonymous commented  ·   ·  Report

    Great idea.

    Should be option to require correct TOTP code or just a password.
    And option to wipe only selected folder / tagged messages (so attacker will still see less confidential messages).

  • Z commented  ·   ·  Report

    Good point about indications of which password was used. If used perhaps an email to the recovery address after resetting to some default inbox? Hope to see more interest in this.

  • Anonymous commented  ·   ·  Report

    if a very specific, duress password is entered, the mailbox should self-destruct, or delete all emails, or reset to a default view displaying only a few "public" emails, without any indication to the user that this has been done. If people know about the duress password feature (i.e. it's advertised on the proton mail website), then coercers will know if it had been used. deleting all private and uncategorized emails, and displaying only public emails would probably be the best auto feature

  • Z commented  ·   ·  Report

    Depends on implementation requirements and amount of interest. I have put some thought into Tristan's idea. This idea could make hacking more difficult. Just think if they guessed the wrong password... Other things to consider also, but I'm genuinely interested in this.

  • Enzo commented  ·   ·  Report

    I just saw under review and it's been a year. Probably not going to be implemented?

  • Enzo commented  ·   ·  Report

    Wow, this should be more popular. I don't think many people have thought about it.

    Normal password works, working password doesn't. Special password wipe everything.

    Genius idea

  • James commented  ·   ·  Report

    that is a great idea. I'd love to see something like that implemented.

  • Z commented  ·   ·  Report

    This is a great idea Tristan. I am very interested in this as well.

  • HaKr commented  ·   ·  Report

    Like, for example a password which would regen the encryption keys so all old mail was unreadable.

  • Anonymous commented  ·   ·  Report

    Awesome idea! Aegis Secure Hard Drives support this feature and that's why I own one.

  • Cameron Taylor commented  ·   ·  Report

    I've wanted this email feature for years, but have never found a provider offering it.

    A related feature would be to have multiple users for the same email address, so you could put a user with lower authorisation on the phone app, which can only read emails from specified senders, and have the user with full authorisation on the desktop browser.

  • Anonymous commented  ·   ·  Report

    Genius idea, considering the fact that the Gov. can send you to jail simply for refusal to "hand over" your cryptographic key(s)*.

    Our dystopian future is in writing,

    http://motherboard.vice.com/read/how-refusing-to-hand-over-your-passwords-can-land-you-in-jail
    http://www.legislation.gov.uk/ukpga/2000/23/section/53

    [*Not that I'm implying you're doing anything of questionable legality, your simply concerned, as you should be, about your privacy.]

Accounts & payments: Accounts

Categories

Feedback and Knowledge Base

(thinking…)