Proton

Device-based recovery

Reading
4 min
Category
Data recovery

Your Proton Account is secured using zero-access encryption. This means that no one can access your account without your login credentials, including Proton. 

To help prevent you from losing access to your account if you forget your login details, we have developed several recovery methods that do not compromise your privacy(new window). Device data recovery is one of these.

What is device-based recovery?

If you enable device-based recovery, Proton will store an encrypted backup keychain as a file in your browser’s web storage(new window).

If you forget your Proton password and need to reset it, the next time you sign in on a trusted device using your new password, full access to your Proton Account will be restored.

For now, device-based recovery is available on our web app.

Is device-based recovery safe?

Yes. Your Proton Account OpenPGP encryption keys are stored on your device in a recovery file. The recovery file is encrypted using a randomly generated symmetric encryption key. We call this derived key the recovery secret, which is uploaded to our servers.

When you unlock your account using device data recovery, the recovery secret is downloaded to your device and used to decrypt your Proton PGP keys. At no point does Proton have access to your account keys. 

If you delete the recovery secret from our servers (see below), the recovery file becomes completely useless. 

How to enable and disable device-based recovery on your device

Device data recovery is enabled by default. But to save the encrypted keychain file to your browser’s web storage, you must select the Keep me signed in checkbox when you sign in to your account.

Check keep me signed in

That browser on that specific device is now a trusted device

If you wish to disable device data recovery, go to SettingsGo to settingsDashboardRecoveryData recovery and toggle the Trusted device recovery switch off

Disable device data recovery

This will disable device data recovery on all your devices, even if the Keep me signed in checkbox is ticked. 

How to recover your account

If you forget your password and device data recovery is enabled (see above):

1. Reset your password(new window)

2. Log in to your account on a trusted device using your new password. 

Your account keys will be decrypted in the background, giving you full access to your Inbox.

How to delete recovery information

You can delete all recovery information from a device If you no longer trust it (for example, if you sell it). There are two ways to delete recovery information.

Option 1: Before signing out of your Proton account, check the box that says Delete recovery information.

Or

Option 2: Log in to mail.proton.me(new window) and go to SettingsGo to settingsDashboardRecoveryData recoveryRecovery fileVoid all recovery files.

Doing this will void all trusted device information stored on our servers, so you will not be able to use trusted device recovery on any device that you have previously trusted.  

If you are sure you want to proceed, at the warning, click Void

Click Void

How to manually save a recovery file

In addition to the automated device-based recovery method described above, it is also possible to manually download a recovery file and restore your account from it. 

To do this, log in to mail.proton.me(new window) and click SettingsGo to settingsDashboardRecoveryData recoveryRecovery fileDownload recovery file. Save the .asc file using your system’s default file manager. 

Learn how to recover your account using the downloaded recovery file(new window)

Didn’t find what you were looking for?

General contact[email protected]
Media contact[email protected]
Legal contact[email protected]
Partnerships contact[email protected]