Accounts & payments
112 results found
-
Provide option for 2FA that hassles me less often
Having to grab my phone and get a code from Authy every time I want to check my mail is a major PITA. Google only asks for your second-factor authentication
A) every 30 days or
B) when you use a new app to login or
C) when you use a new machine to loginB and C are obviously required. Now, Google's 30-day period before reauthenticating might be too long, but I think users should be able to select how often then want to be required to provide a second-factor code. Allow users to require 2FA every time if they…
43 votes -
Visionary Multi-User Support
Instead of creating new Member within the Organisation, let us "add" People that already have an Protonmail Account to our Organisation.
The benefit of that is, the Member will keep it's own Account even after he leaves the Organisation and the Admin/Visionary User just have to allocate the Addresses and Storage!
Simply said: The Admin Creates the Organisation and Add Member with their existing Protonmail Address. If the Member is on a Free Plan, he will get the benefit from the Visionary User.
When the Member leaves the Organisation, he will then fall back to the Free Plan.55 votes -
Disable login from some/all alias addresses
I would like for it to be possible to disable login using some or all the alias names, so that it is only possible to log into protonmail by using my original login name, which I set up when opening my account, and which I keep secret.
139 votes -
An ideal to stop fishing site
Add a new functionnality where in the settings you can edit a sentence that will be stored encrypted.
It will only be decrypted and shown to you after your enter your login password but BEFORE you enter the mailbox password.
This way if the network is compromised and you end up on a protonmail fishing site, you will only have given the login password and NOT the mailbox password.
This will be especially helpfull when a tor address will be made available.168 votes -
please add fido u2f support. not only OTP.
2FA: please add fido u2f support. not only OTP.
93 votes -
Option to permanently delete private keys
Provide an option to permanently remove/delete inactive (therefore actually unusable, in case of forgotten password) private keys from the list in the account settings to avoid cluttering.
22 votes -
Wrong password limit
I suggest to add incorrect password limits.
a) For IP - eg. 5 incorrect passwords in 20 minuts from one IP will block logging in to ANY account from that IP for eg. 30 minutes.
b) For account (configurable in account settings) - X incorrect passwords in Y minutes/hours will block logging in from ANY IP not added to whitelist (in account settings) for Z minutes/hours and send notification to recovery email.c) After successful login show warning if there were any login attemps (invalid password).
189 votes -
Link already existing ProtonMail addresses to your current account address.
Being able to link already existing ProtonMail addresses to your current account address, thus making it easier to manage multiple ProtonMail Accounts.
44 votes -
Be able to change Username
Right now if I sign up as username@protonmail.com, there's no way to change it, for instance to user.name@protonmail.com. Even though u.serna.me@protonmail.com and use.rname+change@protonmail.com already goes to username@protonmail.com.
Seems like we should be able to change this if we like!
14 votes -
Login using SSO
Allow employees to login using central user repository such as AD or OneLogin, typically using SAML.
29 votes -
Add security questions
You can add security questions on resetting password - after clicking link sent to recovery email, before you can enter new password, you should answer two (or three) security questions.
This will be additional security for resetting password.
153 votesAt this point, security questions have been shown to not be an effective way to validate a users identity. At this time the recovery email address is our sole means of identifying users ownership of an account.
-
All session logout cmd and session time limit expiry
I'd like a command facility where we can log out of all open sessions, similar to that google offers. I'd also like a session expiration timelimit option... i've left my protonmail account open in a browser and come back several days later to hit refresh only to find that it refreshes fine without requesting login details again.
Personally, for a service that is about privacy retention.. these seem like massive oversights and at the very least a session inactivity logout feature should be in place... think along the lines of payment gateways and how sessions expire if you're inactive for…
38 votes -
Put a country flag in security log entries
The security log fails to give the user a clear idea of who logged in. Just by the time and some ip adress it's difficult to distinguish me from a hacker.
Therefore, I propose there is a country flag in the security log entries. This way I can just take a quick look at the logs and if somehow someone in say cuba, china, russia whatever logged in, I know for sure that wasn't me.
Now obviously a hacker would use Tor or some other form of proxy but that proxy would still most likely be located in some other…70 votes -
Eliminate the .ch domain and leave only the .com
All accounts ProtonMail bring by default the domain .ch and .com
We don't all live in Switzerland
So we don't want to have there the domain .ch
276 votes -
Allow login username to be different from email and aliases
You can effectively make your login username a barrier from even giving hackers a starting point to get into your account. Since with this feature they would need to know your username first. This should squash any determine hacker and allow great protection to long term protonmail accounts for years to come. Thoughts of "working on hacking this account may take time" is diminished wouldnt ya say?
200 votes -
Give us the possibility to remove payment method once we have been billed. There is no reason to store this information on your servers.
Give us the possibility to remove payment method once we have been billed. There is no reason to store this information on your servers.
It would be even nicer if you wouldn't store this at all and ask for it only when payments are to be done.21 votes -
Duress Password
A password which can be entered in times of coercion to reveal the mailbox password. When used a security mechanism (eg. wiping the mailbox) can be employed
341 votes -
Password Reset via Number
Ability to do Password Reset via Phone Number registered in ProtonMail or to download an Enceypted SecurityKey/File when signed into ProtonMail that could be used to verify ownership of lost ProtonMail account.
Technology and Security like DarkMail.
21 votes -
Changing email adress
Change ProtonMail email adress
10 votes -
Dead mans switch / legacy settings / post mortem
set something up where if your account goes inactive (no log in etc) for a settable period of time a preset email will be sent to a preset address.
example i set up something so if i dont log in in 3 or 14 or 30 or 90 days etc (let us choose how long) a message i have already set up for this will be sent..
this would have a few uses and is also a pretty decent fallback to losing your account info if you dont set a 2nd account.. you could even send yourself your own forgotten…
149 votes
- Don't see your idea?