Proton

How to use a 2FA security key to protect your Proton Account

Čtení
5 minut
Kategorie
Two factor authentication (2FA)

One-factor authentication allows you to verify your identity when signing in to your Proton Account using something you know — your login details. 

Two-factor authentication (2FA) greatly improves the security of your account by requiring something you have (your phone or security key) or are (your faceprint or fingerprint). Unless an adversary knows your login details and also has physical access to this second factor, they cannot access your account. 

Proton supports two different types of 2FA sign-in. You can use:

Physical security keys have the advantage that they are not vulnerable to phishing

This support article explains how to use a U2F or FIDO2 security key to secure your account using two-factor authentication. Before doing this, you must first configure 2FA using an authenticator app

Learn how to secure your account with 2FA using an authenticator app

You can add a security key for 2FA verification via any browser. You can then use that security key for 2FA verification on our web, desktop and mobile apps.

You can configure up to four security keys for use with your Proton Account.

How to set up your security key for use with your Proton Account

To use your security key to provide 2FA authentication while signing into your Proton account, you must first enable 2FA using an authenticator app. Then:

1. Sign in to account.proton.me and go to Settings → All settingsAccountAccount and passwordTwo-factor authentication.

2. Toggle the Security key switch on. (For security reasons, you may be prompted to re-confirm your password and verify your identity using a 2FA authenticator app.

If you have already registered another security key, you may be asked to use this to verify your identity instead.) 

3. Insert your security key into your device’s USB port.

To enable the use non-physical platform security keys, such as Windows Hello(nové okno) or Apple’s Touch ID(nové okno) or Face ID(nové okno), check the Allow platform keys box.

To only allow physical security keys, leave the box unchecked.

Click Continue when you’re ready.

Register your security key.

4. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers.

Register your key

Note that If your device has a built-in security key, you may also be prompted to use it (e.g. via Touch ID on iOS/macOS, or Windows Hello).

Touch ID on Safari for macOS

5. You will be asked to identify the security key with a name. Click Next when you’re ready. 

Name your key

Your security key is now registered with Proton and can be used as a 2FA device to access all Proton services using your Proton Account. 

Your security key is now registered

Note: If you’re using the Tor browser, you won’t be able to add a security key to your Proton Account as the Tor browser does not have FIDO2 support. Please use a different browser instead.

You can view all your registered keys, rename them, or delete them in the Two-factor authentication section of Settings

View your registered keys

How to use your security key with your Proton Account

Security key authentication is currently supported on the Proton Mail, Calendar, Drive, VPN and Pass web, desktop and mobile apps. Full support for physical security keys on our desktop apps will be coming at a later date.

1. Sign in to your Proton Account (for example, at mail.proton.me(nové okno)) using your Proton username and password.

You may also be asked to verify your account using your security key when performing certain actions, such as registering a new security key or changing your Proton Account password

Sign in

2. At the Two-factor authentication prompt, ensure the Security key tab is selected. Insert your security key and click Authenticate

Choose to authenticate with your security key

3. Your browser will request that you tap/touch the button on your security key. Below is the notification in Firefox, but it will be similar in other browsers. 

Insert your key

You will now be signed in to your Proton Account.

Learn more about U2F security keys

Troubleshooting

Safari asks me to use a different browser

When registering or using a security key with Safari, you may see the following error message: Please try using a different browser to complete this action. This is due to a known bug in the Safari browser. As workarounds, you can try the following:

To add a key, either:

  • Close Safari (click Safari in the menu bar → Quit Safari) and reopen it
  • Use another browser to register your security key

If you encounter an issue when using your security key, you can still use an authenticator app or the recovery codes generated when you enabled 2FA to regain access to your account. See our main two-factor authentication (2FA) support article for more details.