  1. 859 votes

    CC supported this idea  · 
    CC commented  · 

    I use my Linux-based computer with full disk encryption, automatic lockscreen after 10 minutes (even though I live alone and no-one else has physical access to it), I use separate browsers for specific purposes with different combinations of private mode and cookie deletion, a VPN and I top this all off with Firejail to sandbox my software and browser extensions. When I go to check my email, I have to enter a username, password, 2FA, then finally a mailbox password and... I find I can't be bothered before I even start. I have my logins in a password manager but since I'm careful to not run extensions due to the sandboxing, I've had to insecurely save them in a text file and copy/paste them from there instead. No, I don't save passwords in any inbuilt browser password manager. At least I have a lockscreen, FDE and Firejail and my computer always stays in my house, right?

    Now, compare this with the Android app:

    Log in once, set a short PIN. Enter PIN to check or send emails. That's it. Now I'm permanently logged in on a tiny portable device that can easily be shoulder surfed for the PIN and stolen. All on this inherently insecure platform rife with keylogging and screenshotting malware downloadable straight from Google's own Play Store. I don't use the Android app for this very reason, thereby removing the one and only quick and easy way to check my emails.

    It's actually easier to use Protonmail with lesser security by using a phone app with a short PIN on a known insecure platform than on a, by comparison, reasonably hardened desktop computer. This is definitely not secure. It's almost like you're hoping to see everyone's email address appear on haveibeenpwned.com. Who's to say that Google haven't stepped aside and let their best friends at the NSA develop the hot new game of the moment and hand it out free to everyone?

    I would, in my use case, be happy to see:

    "I understand the risks..." message and a selection for something like:

    "Set a cookie to keep me logged in for 1 Day / 1 Week / 1 Month / Forever"

    I'm pretty certain that I'd set mine to "Forever" due to the confidence I have in my personal setup. Then I'd have just the one extension-free browser to pop up and close multiple times a day. Why not even do this but with a (user-optional) PIN? Why such a disparity between phone apps and desktop access? Until then, Protonmail might well be a secure email service but with all the (unnecessary for me) hoops to jump through, it's more of a curiosity for now. Protonmail is definitely not something I'd pay for - I'm not a masochist and I'd feel buyer's remorse for sure. If you can't tell, I like security. I also like usability. The disparity beggars belief when phone app users get all the usability but more serious security enthusiasts get all the hassle. I have an account I don't even use because of all of this. I want to like Protonmail, I really do.
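The "keep me logged in for 1 Day / 1 Week / 1 Month / Forever" option proposed in the comment above is, on the server side, a remember-me token with a bounded lifetime. The sketch below is an added example of how such an option is typically built; it is not code from the commenter, from Proton, or from any real webmail product, and the cookie name (`remember`), the store class and the lifetime table are assumptions chosen for illustration. The points a practitioner would want it to show: the cookie carries an opaque random token rather than credentials, only a hash of the token is kept server-side, the expiry is enforced by the server (the client's cookie jar is not trusted), and "Forever" is only safe if the user can revoke every issued token, since browsers cap cookie lifetime (Chrome at 400 days) and a stolen forever-cookie otherwise never dies.

```python
import hashlib
import secrets
import time

# Lifetime choices from the feedback above, in seconds. None means "forever":
# no server-side expiry, so only revocation ends the session. (Assumed values.)
LIFETIMES = {
    "1 day": 86_400,
    "1 week": 7 * 86_400,
    "1 month": 30 * 86_400,
    "forever": None,
}

# Browsers cap cookie lifetime (Chrome: 400 days), so a "forever" cookie is
# issued with the cap and must be re-issued on use to survive longer.
MAX_COOKIE_AGE = 400 * 86_400

COOKIE_NAME = "remember"  # hypothetical cookie name, not any product's


class RememberMeStore:
    """Server-side table of opaque remember-me tokens.

    Only a SHA-256 hash of each token is stored, so a leaked copy of the
    table cannot be replayed as a cookie.
    """

    def __init__(self):
        self._tokens = {}  # token_hash -> (user_id, expires_at or None)

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, lifetime, now=None):
        """Create a token for user_id; return (token, Set-Cookie header value)."""
        if lifetime not in LIFETIMES:
            raise ValueError(f"unknown lifetime {lifetime!r}")
        now = time.time() if now is None else now
        seconds = LIFETIMES[lifetime]
        expires_at = None if seconds is None else now + seconds
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self._tokens[self._hash(token)] = (user_id, expires_at)
        max_age = MAX_COOKIE_AGE if seconds is None else seconds
        # Secure: HTTPS only. HttpOnly: invisible to page scripts and most
        # extension-injected content scripts. SameSite=Lax: not sent on
        # cross-site POSTs, which blunts CSRF against the long-lived session.
        header = (
            f"{COOKIE_NAME}={token}; Max-Age={max_age}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax"
        )
        return token, header

    def validate(self, token, now=None):
        """Return the user_id for a live token, or None.

        Expiry is checked against the server's record, never against the
        Max-Age the client happens to present.
        """
        now = time.time() if now is None else now
        key = self._hash(token)
        entry = self._tokens.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if expires_at is not None and now >= expires_at:
            del self._tokens[key]  # expired: drop it so it cannot linger
            return None
        return user_id

    def revoke_all(self, user_id):
        """Log out every device for user_id; the only way a 'forever' session ends."""
        doomed = [h for h, (uid, _) in self._tokens.items() if uid == user_id]
        for h in doomed:
            del self._tokens[h]
        return len(doomed)


if __name__ == "__main__":
    store = RememberMeStore()
    tok, set_cookie = store.issue("alice", "1 week")
    print(set_cookie)
    print("valid now:", store.validate(tok))
    print("valid in 8 days:", store.validate(tok, now=time.time() + 8 * 86_400))
```

Pairing this with the "(user-optional) PIN" from the comment would mean the remember-me token restores the session but a separate short secret, verified server-side with a lockout counter, still gates mailbox access; the token alone should never unlock mail content in that design.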
