ProtonMail has the option of enabling Two-Password Mode if needed. This is different than 2FA or Two-Factor Authentication where you’d need to authenticate using a token or a text message besides the password.
The Two-password Mode requires entering two passwords – one for the initial logging in and the other to decrypt the ProtonMail inbox and access emails. So the first password is to verify the user identity and the second is to decrypt the user data (Mailbox).
By default, the Two-Password Mode is turned off but can be enabled. Here is how:
Login to ProtonMail and click on SETTINGS.
Then select Account.
Over here, from the Password section, click on SWITCH TO TWO-PASSWORD MODE.
To access it, enter the login password as before and click SUBMIT.
A new login password will be required to enable the Two-Password Mode. So, your existing login password won’t be valid once a new password is set from here.
Enter a new password and click NEXT.
The second password to be created is the Mailbox Password.
Choose a password and click on SAVE.
A useful feature of Two-Password Mode is that the Mailbox Password is local and not transmitted, unlike the login password. So, the inbox is decrypted locally on the device when it is enabled.
Using The Two-Password Mode:
Once the Two-Password Mode is enabled, log out of ProtonMail and log back in. The first password will be the newly created login password.
Once that is validated successfully, a prompt to enter the Mailbox Password will be displayed.
After that, you can now access the ProtonMail inbox and send/receive emails as before.
To change the Login or Mailbox password anytime, again go to the Account section as before.
You can also switch back to One-Password Mode from here.
Using the default One-Password Mode is sufficient for most purposes as long as the password is strong but it can still be useful to have another layer of password protection if needed. Two-Password Mode helps with that.
Happy emailing.