Provide Shamir's secret sharing algorithm
For more secure account recovery, provide an implementation of Shamir's secret sharing, to be used for retrieval of one's master password in the event it is forgotten. Either allow users to download a Python file from your website that implements Shamir's secret sharing algorithm accompanied by Proton's signature or a hash of the file, OR provide a Shamir's feature directly in Proton Pass or other browser extension.
Why? Say I get arrested and police confiscate my devices. After a few weeks or more in jail, I forget my master password. Of course I didn't write my recovery phrase on a piece of paper or an unencrypted flash drive hidden in my closet or at the bank, because the police have a warrant to seize all my stuff. Now I'm locked out and all my critical e2ee data is gone. Even if I could recover my account via a friend, now my data and freedom depend on my one friend not cooperating with the government, who might put a lot of legal pressure on said friend.
For the best security I could manage, I want to use Shamir's secret sharing [1] to give out shares of my password to N of my friends, but only require retrieving back K shares from my friends in order to reconstruct the password in the event that I forget it. (K < N in case some friends die or lose their shares.) This is the algorithm likely used to protect the top level keys of DNSSEC [2], sometimes called the "keys to the internet". However, I can't trust any of the current public implementations [3] of Shamir's algorithm. But I already trust Proton with my master password, so using an implementation provided by Proton would introduce very little risk and save me from having to make my password shorter and more memorable or backed up in less secure ways.
[1] https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing
[2] https://web.engr.oregonstate.edu/~rosulekm/crypto/chap3.pdf
[3] https://www.reddit.com/r/cryptography/comments/1et5hy0/shamirs_secret_sharing_for_common_people/
alexander taylor commented
For anyone considering solving this problem, it might be good to consider Adept Secret Sharing (ADSS), which builds on top of Shamir's to add properties they call "privacy, authenticity, and error correction". There is also an interesting idea in an old draft document called Shamir Secret Sharing Best Practices about circles of trust / not making all shares equal.
ADSS - https://eprint.iacr.org/2020/800.pdf
Best practices - https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/shamir-secret-sharing-best-practices.md