Core Proton Account Name Shouldn’t Be a Permanent Public Identity
The core Proton account name (e.g. firstname.lastname@proton.me):
- Can’t be changed
- Can’t be disabled
- Can always be used for login
- Is also most users' default email
- And is now tied to your Password Manager, Drive, Wallet, and future services
That means the most guessable part of your identity becomes your permanent digital root key.
If your name has ever been leaked, attackers now know:
- Your likely login email
- Your Proton identity
- Your cloud, password vault and crypto hub access point
And worse: you can’t revoke or hide it.
Meanwhile aliases can be deleted or turned off, but not the one thing that’s most vulnerable.
Suggested Fixes:
- Allow login only with select names or private IDs, not all linked aliases
- Let users disable or change the core account address for login
- Support full obfuscation for login credentials and recovery separation
This isn’t about convenience... it’s about designing for real-world threat models.
Right now, one breach could lead to a total compromise.
The addition of Wallet raised the stakes significantly.
Please take this feedback seriously. Related/similar topics date back to 2017.
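As an added illustration of the three suggested fixes (this is example code written for this thread, not Proton's implementation, and every name in it, such as Identifier, Account, create_account and authenticate, is hypothetical), the toy model below keeps the public contact address and the login identifier as separate records: the public address is created with login disabled, a random private ID is the only login name, that ID can be disabled or rotated, and the recovery contact is stored outside the login set. It handles a single account to stay short; a real service would map identifiers to accounts.

```python
"""Toy model: public contact address separated from the login identifier.

Added example for this thread, not Proton's code. All names here
(Identifier, Account, create_account, authenticate, ...) are hypothetical.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Identifier:
    address: str
    public: bool          # visible to others (usable as an email address)
    login_enabled: bool   # accepted on the login form
    active: bool = True   # False once the user turns it off


@dataclass
class Account:
    identifiers: dict[str, Identifier] = field(default_factory=dict)
    recovery_contact: str | None = None   # separate channel, never a login name
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    password_hash: bytes = b""


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def create_account(public_address: str, password: str) -> Account:
    """The public address is contact-only; a random private ID is the login name."""
    acct = Account()
    acct.password_hash = _hash_password(password, acct.salt)
    acct.identifiers[public_address] = Identifier(
        public_address, public=True, login_enabled=False)
    private_id = "login-" + secrets.token_urlsafe(12)
    acct.identifiers[private_id] = Identifier(
        private_id, public=False, login_enabled=True)
    return acct


def login_identifiers(acct: Account) -> list[str]:
    """Identifiers the login form will currently accept."""
    return [i.address for i in acct.identifiers.values()
            if i.login_enabled and i.active]


def disable_identifier(acct: Account, address: str) -> None:
    """Turn an identifier off; it stays in the record so it cannot be re-registered."""
    acct.identifiers[address].active = False


def rotate_login_id(acct: Account) -> str:
    """Replace every private login ID with a fresh one
    (what 'change the core address used for login' would mean here)."""
    for ident in acct.identifiers.values():
        if ident.login_enabled:
            ident.active = False
    new_id = "login-" + secrets.token_urlsafe(12)
    acct.identifiers[new_id] = Identifier(new_id, public=False, login_enabled=True)
    return new_id


def authenticate(acct: Account, identifier: str, password: str) -> tuple[bool, str]:
    """Return (ok, reason). The reason is for server-side logs only: the client
    should get one generic failure message, so a leaked public address cannot
    be confirmed as a login name by probing."""
    ident = acct.identifiers.get(identifier)
    # Always run the password hash so timing does not reveal which check failed.
    candidate = _hash_password(password, acct.salt)
    password_ok = hmac.compare_digest(candidate, acct.password_hash)
    if ident is None:
        return False, "unknown identifier"
    if not ident.active:
        return False, "identifier disabled"
    if not ident.login_enabled:
        return False, "public address is not a login name"
    if not password_ok:
        return False, "bad password"
    return True, "ok"


if __name__ == "__main__":
    acct = create_account("firstname.lastname@proton.me", "correct horse")
    print(authenticate(acct, "firstname.lastname@proton.me", "correct horse"))
    print(authenticate(acct, login_identifiers(acct)[0], "correct horse"))
```

The point of the model is that a leaked name tells an attacker the contact address but not the login name, and that the login name is the revocable part: disabling or rotating it does not touch the public address or the recovery contact.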
-
Buster
commented
Agreed on all 3 suggested fixes. It'd be nice to be able to log in only with a non-public address.
-
Martin
commented
This is an amazing point and something that should get added.