Login to your Proton Mail from browser.
Click gear icon on top right > Go to settings
- Recovery phrase: On > Generate recovery phrase > Enter Password > Submit > Save Recovery phrase > Done/Download.
ℹ️ NOTE: A recovery phrase lets you access your account and recover your encrypted emails after a password reset. Keep this phrase somewhere safe, to prevent loss or unauthorized access. It can be stored in a password manager, in an encrypted note, or write it down somewhere safe.
- Two-factor authentication >
- On > Next > Scan the code using an authenticator app > Enter Password and Two-factor authentication code > Submit > Save the backup codes > Ok.
ℹ️ NOTE 1: Use a privacy respecting authenticator app. Check out recommendations, alternatives & reviews.
ℹ️ NOTE 2: The backup code is required to login, if 2FA method is lost, broken or unavailable. Keep this code somewhere safe, to prevent loss or unauthorized access. It can be stored in a password manager, in an encrypted note, or write it down somewhere safe.
- Two-password mode: On (Optional, but can be enabled for one extra layer of security.)
- Revoke any old sessions which you don't use anymore.
By default, Proton Mail keeps temporary IP logs to combat abuse and fraud. IP address may be retained permanently if you're engaged in activities that breach their terms and conditions (spamming, DDoS attacks against ProtonMail infrastructure, brute force attacks, etc.).
If you suspect that someone else has access to your account, you can check your login activity in the authentication logs by enabling this. If you enable advanced logs, your IP addresses and the date & time of login will be captured. However, this also means your login IP address is kept permanently until you manually wipe the logs.
- Send crash reports: Off
- Auto-load embedded images: Off
- Confirm link URLs: On
- Undo send: 20 seconds (Not necessarily a privacy feature but might come in handy)
- Auto show remote images: On (Make sure to enable the next setting below too)
- Block email tracking: On
- Sign external messages: On
- Attach public key: On
- Default PGP scheme: PGP/MIME