Accounts & payments
123 results found
-
Stop advertising recovery options as 'Security'
Just got another mail to add recovery options to my account in order to increase 'security' or 'safety'. I don't know in which dimension adding another attack vector to the account increases account security in any way. Yes, regular users forget passwords but that doesn't mean you have to advocate for watering down account security on a mass scale, because:
- users who usually forget their passwords also squander around with recovery keys
- users who use other means of recovery (additional e-mail accounts and so on), also usually have bad account security for those recovery methods.
Please rephrase this properly and…
3 votes -
2FA Authenticator App algorithm upgrade beyond SHA-1
Appreciate 2FA authenticator app support in the solution.
Would like to see support for not just SHA-1 (known insecure) hashing algorithms for code generation but also SHA-256 or SHA-512.
Bitwarden supports SHA-256 in their solution.
15 votes -
Passwordless login using hardware key / passkey only
Enable the user to use a FIDO2 hardware key or an iOS or Android biometric passkey as the sole login method for users that desire it. It would be for all Proton services, in my case mail, drive and pass.
I would like to eliminate using passwords altogether and solely rely on a passkey in my iOS Passwords app OR my Feitian FIDO2 hardware key with fingerprint sensor.
Requiring multiple keys would be a way to help prevent users from locking themselves out.
1password is currently in beta with passwordless login and google already supports it.
3 votes -
Setup for catch-all and wildcard aliases with SL & PP
I would like to request support for Fastmail/Migadu-style catch-all aliases in Proton/SimpleLogin, where any email sent to
*@*.example.com—including all subdomains of a custom domain—is automatically delivered to my main mailbox (e.g., example@example.com). This would allow users to receive emails sent to any subdomain without manually creating aliases, simplifying email management while keeping full control over a custom domain.4 votes -
Show the Proton account creation date in the settings
To mark the 10 years anniversary of Proton, many look back at when their accounts were created. Showing a simple "Account created on ...." on the Dashboard or Account section of the settings would be nice to keep the date in mind. Also that helps knowing when anniversary storage drops will fall! :D
157 votes -
Recovery phrases shouldn't be instant access – A safer alternative: recovery phrase + delayed access
First of all, I don’t see the real value of the current recovery phrase. If someone securely stores their master password and TOTP seed, those already provide full access to the account – just like a recovery phrase does. So what’s the actual benefit of having a separate recovery phrase in this setup?
Sure, I understand that a recovery phrase that bypasses 2FA is more convenient, but from a security standpoint, it's essentially the same as handing over full access – there's no meaningful distinction.
In practical terms, both a recovery phrase and a written-down master password + TOTP seed…
7 votes -
Easier Management of Multiple Proton Accounts (with Admin/Billing Role)
As a small business owner, I often manage multiple Proton accounts – for example, one for personal use and others for different projects or clients. While Proton is already a great tool, handling multiple accounts could be made a lot more convenient.
What would help:
The ability to link and switch between multiple Proton accounts within the same interface, without constantly logging in and out.
An option to set different billing addresses and email contacts per account. This would be especially useful when managing subscriptions for multiple businesses or teams.
A centralized view where I can see all active subscriptions…
7 votes -
Allow password reset without losing all data
Allow users to configure if they want data to be encrypted in case of a password reset.
My data is not highly confidential or interesing to others. For me the risk of losing everything after a password reset is much higher than being compromised.
So it would be great to be able to turn off the invalidation of the encryption keys in the event of a password reset.
3 votes -
easier access to my account management
I'm getting confused how difficult it is to access the management of my account, to see for instance my subscription plan.
I have received an e-mail tell me my plan has been renewed and there is a link to go to a dashboard to be able to cancel or adjust my plan.
Until here everything is fine but when I click on the link I'm redirected to a web page with all the apps and no where I can access my account...
Tried a random app to see if I can access my account, selected calendar but it was the…3 votes -
Greater Clarity
I have been a bit disappointed with Proton. It seemed to be perfect for me, and I thought the lowest paid subscription would cover all that I needed. I read carefully what was offered, but I soon discovered, one at a time, that I had to up the ante, so I ended up having to pay double what I had expected. That was reluctantly accepted, only for me to discover,which is not clearly stated as far as I can tell, that there is no app for Linux on Proton Drive. That is nearly a deal-breaker for me, and it seems…
6 votes -
App-based MFA
I like the way that Discord, Steam, Github, Apple, etc do their logins, which is by a phone app that prompts you with a notification and you have to enter the code that it says on the computer. This would be a really convenient way to log into Proton rather than having to use your phone for 2FA. Some of the apps I mentioned also do a qr code thing to log in which is super convenient as well.
3 votes -
Auditing/logs: Generate a log entry or increment counter for any sent or received emails.
This would be a powerful tool to monitor for covertly diverted or transmitted emails. The log entry would not have to include any information about the email, just that an email was sent or received. It can be left up to the user to correlate it with their messages.
2 votes -
4 votes
-
Implement passkey upgrade .wellknown for proton accounts
This is separate from https://protonmail.uservoice.com/forums/953584-proton-pass/suggestions/48670034-automatic-passkey-upgrade as it's for proton to have this themself, rather than for proton pass to support such.
The domains should be https://account.proton.me/ and https://account.protonvpn.com/Googles info on such: https://developers.google.com//identity/passkeys/developer-guides/upgrades/
Github: https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md
and
https://w3c.github.io/webappsec-passkey-endpoints/passkey-endpoints.htmlThis would allow easier setup of more secure proton accounts, and in the future when proton pass supports such, easier passkey setup in such for proton accounts themself.
26 votes -
remove an email
How can I move an email from one account to another in the Duo offer?
2 votes -
Allow us to create other accounts with custom domains we already have tied to existing accounts
Having me be able to use a custom email domain for my account is cool, however, limiting what I can do with the domain that I PAID FOR, is entirely overstepping boundaries. I should be able to create a new email under my account using my custom domain, and then be able to create an entirely separate proton account using that email with my custom domain. Just because a domain is tied to one proton account should not stop it from being able to create other proton accounts, all this is making me do is consider not using proton to…
7 votes -
I would very much like to have My preferred icon rather than mere initials on My account.
All other places I have been allowed Me to personalize the icon, but I see no way to upload an image to use, and would like very much for that to be an option.
155 votes -
Have a sales team that actually answers your requests
On 2 occasions I reached out about our interest for migrating to Proton for business, both times I got an answer telling me how excited you were to help us and asking for more information. I answered twice and never got any answer. Is it because we are too small of a company?
This is very disappointing, we were very interested by your solutions, but I guess we will have to find a different approach to better secure our information...2 votes -
Allow different display names for account vs email profiles
In Mail I can create multiple profiles with different display names (e.g. test@pm.me shows “Jack”, test@protonmail.com shows “Jack Frost”). That’s super useful.
But those names get pulled into my Proton account and other services (Drive, etc.). It would be great if the account could show a different display name or nickname without forcing the email profile names onto everything else.
I’d prefer to use a nickname for my Proton account, while keeping my email profiles the way I configured them.
2 votes -
OAuth flow for external applications to use to access Proton services
Allow developers to implement their own apps integrated to the Proton enviroment and, through an auth flow, get the required permissions to use users accounts
Examples of implementation
Proton Drive SDK (Existing Proton Drive SDK implementation of authentication and app indentification is easily forjable and apps wth bad intentions will store user credentials)
A future Proton Mail SDK (which would allow open email clients like Thunderbird to implement Proton Mail without the need of Proton Mail Bridge)
Proton VPN SDK (An SDK where apps can tunnel requests via a Proton VPN server)
Proton Docs & Calendar SDK (SDK to develop…1 vote
- Don't see your idea?