This article explains how new Proton Mail account owners can maximize the security of their new account. Proton Mail secures your account with features including end-to-end encryption(new window); minimum tracking or logging(new window) of personally identifiable information; independently audited, open source cryptography(new window); zero access architecture(new window); and SSL secured connections(new window).
However, no system is 100% secure, and Proton Mail is no exception. That’s why we compiled a list of 11 key steps that reinforce the security Proton Mail offers.
We recommend that all Proton Mail users go through this checklist regularly. However, these steps are particularly important at the creation of your Proton Mail account. Starting off on the right foot builds a strong defense against any attempts to expose your data and creates good security habits.
Enable two-factor authentication (2FA)
2FA protects your account even if someone steals your password. When you enable 2FA, you must prove your identity using either a six-digit code generated by a 2FA authenticator app on a smartphone registered to your account or a physical security key registered to your account.
This is in addition to your Proton Account login details. Find out more about how to enable 2FA in Proton Mail.
Choose strong passwords and keep them safe
We recommend using a password manager that generates long, random passwords and stores them with end-to-end encryption. Never reuse passwords. Learn more about strong passwords(new window).
Don’t forget your password! You will not be able to read your old emails if you forget it, as the password is linked to your encryption key.
PGP encryption(new window) can dramatically improve the security of your communications. Proton Mail allows you to exchange end-to-end encrypted emails and attachments(new window) with Proton Mail and non-Proton Mail(new window) account owners in a simple, reliable way.
Encrypt and verify your contacts
Proton Contacts(new window) is the world’s first encrypted contacts manager. You have the ability to store certain contact details, such as phone numbers and mailing addresses, using zero-access encryption(new window) and digital signature verification(new window). These tools provide a cryptographic guarantee that no one has tampered with your contacts, not even us.
You can also use the trust Public Keys(new window) option when you receive a message from a trusted Proton Mail contact. The feature saves the contact’s public key and protects against tampering.
Note: Proton Mail has access to your contacts’ display names and email addresses in order to route your emails to the correct recipient and to provide advanced features such as auto-complete, spam filtering, and whitelists.
Check authentication logs
You can check your account for suspicious logins(new window) through the Authentication Logs feature available in your Proton Mail settings. Please note that Proton Mail will have access to your successful login attempts if you decide to keep this feature on.
Log out other sessions
If you are concerned that someone else has access to your account or you forgot to log off on a public device, you can log out remotely through your settings. Unless you explicitly log out or change your password, you will stay logged in to your account for up to six months. Learn more about logging out of other sessions(new window).
Beware of phishing
Proton Mail will never ask for your login credentials. Enter your credentials only into our official apps and websites:
- mail.proton.me
- account.proton.me
- account.protonvpn.com
Proton Mail provides additional anti-phishing protection(new window) with PhishGuard, DMARC protection, and link confirmation. If you receive a suspicious email, never click on the links or download attachments.
Note that all legitimate emails from Proton will have an Official badge. Emails that claim to be from Proton but don’t have this badge are likely phishing attempts.
Report phishing to Proton Mail
If you receive a suspicious email, you can report it through our Report Phishing(new window) feature.
Enable AppKey for Proton Mail iOS app
If you have iOS, AppKey adds another layer of protection to your Proton Mail data.
If your device is compromised and an attacker gets the key that unlocks your Proton Mail data, AppKey stops the attacker from accessing the data by verifying their identity. The AppKey is directly correlated to your biometric information or your PIN.
Learn more about how AppKey works with Protonmail(new window)
Keep your devices safe
The most effective hacks are often also the most low-tech. Device theft is one. Keylogging software and other types of spyware are also concerns. Be aware of your physical security when traveling and in public, and always set a password for your device. If you are using a public computer, don’t forget to log off!
DO NOT click the link or open the attachments in emails from unknown or unverified senders, particularly if the attachment is a .zip or .exe file. They might contain malware that compromises your device or your accounts.
Mark the message as spam(new window) to send future messages from that sender directly to your spam folder.
Protect your Internet traffic with a secure VPN
Proton VPN sends your Internet traffic through an encrypted VPN tunnel(new window), so your passwords and confidential data stay safe, even over public or untrusted Internet connections. We designed Proton VPN focusing on security, drawing upon the lessons we have learned from working with journalists and activists in the field.
Following these 11 tips will strengthen the security of your account, but staying safe requires vigilance and work by both you and the person you are communicating with. To stay on top of privacy and security news, follow Proton Mail’s blog(new window) and social media(new window) for the latest announcements and releases.
If you have any questions or concerns, you can contact our support team(new window).
