Partition data access within services via unique secondary cryptographic keying and passwords
One of the things that keeps me up at night is the broad exposure given to my data anywhere I am signed in to my Proton account. Here are some threat examples:
- Suppose I am signed in to my email on my phone. Should my phone or that email app ever become compromised, literally every email, and the ability to send and receive future emails to/from all addresses (should the compromise remain undetected), belongs to whoever compromised it.
- Suppose I wish to store extremely sensitive passwords alongside less sensitive ones; one Proton Pass login allows access to all of it.
- The same goes for Proton Drive: if I have sensitive photos and documents alongside general notes and such, one password unlocks it all unilaterally.
I'd like to see an opt-in capability to create an arbitrary number of partitions, each with unique keying, and criteria for what uses that keying. E.g.:
- On Proton Mail you could elect that certain sender or recipient addresses go into certain partitions, along with a default.
- On Proton Drive, you could drill down first into a particular partition, and then everything beneath it is uniquely encrypted; this is essentially the same idea that Proton Pass would use.
You would be able to unlock none, one, or any combination of the available keys to access the partitions. That access would be established with a password (unique per partition), and the partition would stay unlocked for the duration of your login session, cleared at logout.
If I had this functionality I could stratify things by sensitivity as well as by separation of concerns, e.g. I do not need to decrypt my phone's photo library every time I access Proton Drive, and I don't need to decrypt tax returns to work on my writing. I don't need to unlock all my most sensitive emails from my phone just to have access to hotel and transit emails when on travel, and if I do need access to additional emails, I can decrypt just the level I care about and close access afterward. Ideally Proton could optionally require a 2FA auth to retrieve the additional data, so that even if someone caches the keying material somehow, they still won't get future data after the partition is closed.