
Question: How do I get my Mail Password from my ProtonMail Account #138

Closed
trymeouteh opened this issue May 4, 2019 · 18 comments

@trymeouteh

How do I get my Mail Password from my ProtonMail Account. I clicked on the Description link above the input asking for Mail Password when you Add an Account but I cannot figure out how to obtain this mail password.

@joshirio
Contributor

joshirio commented May 4, 2019

I think you can ignore it because it's a legacy thing (or for users who actively enabled this feature). Protonmail used to have 2 passwords to login, one for the protonmail account and another one as the mailbox encryption password. Since PM merged the two for newer accounts, it's likely you are not using an additional mail password, so leave it blank.

@vladimiry
Owner

First of all, the email provider password input fields in the app are optional. You don't have to enter the values to be able to use the app, but then you will need to enter the passwords manually, like you do using a browser.

Initially, protonmail had a two-passwords-only sign-in scenario. But then at some point they switched to a one-password model. So if you are able to sign in to your account using a browser/mobile client with only one password, then you can just ignore the Mail / Mailbox Password input field.

It's possible to switch on / off the two password mode if there is a need.

[screenshot: two-passwords-mode-switch]

I think I better put a link to this issue next to the existing description link in the app.

@trymeouteh
Author

> It's possible to switch on / off the two password mode if there is a need.

If I enable Two-Password Mode then the 2nd password will be Mail Password in ElectronMail?

@vladimiry
Owner

> If I enable Two-Password Mode then the 2nd password will be Mail Password in ElectronMail?

Correct.

Reopening until the following stuff is fulfilled:

  • Add a link to this issue to the app with a new release, in addition to the already added description link, so new app/protonmail users could get there and see some explanation.
  • Make the description links placed close to the inputs on the account edit form regular links, so users could see the link url by hovering on it.

@vladimiry vladimiry reopened this May 4, 2019
@vladimiry
Owner

> Reopening until the following stuff is fulfilled:

Resolved in master branch.

@edmundlaugasson

edmundlaugasson commented Feb 22, 2021

You don't describe what to do if I already have that two password mode active. That description link does not give the information where I get that secret key seed :(

@vladimiry
Owner

vladimiry commented Feb 22, 2021

> if I have already that two password mode active

In this case you have to enter two passwords: "main / primary password" and "mailbox password". You can locate the respective "Password" and "Mailbox password" inputs on the account edit form, see the screenshot if needed.

Another option, which I tend to prefer, is to enable the persistent session for the account and not store any credentials in the app. So you log in manually, just like in a browser, and the app securely "remembers" the session for you. In this case, by the way, there is no need to fill the secret seed of the 2FA into the app; you enter the one-time token when it's asked for, i.e. the same workflow as in-browser use.

@edmundlaugasson

edmundlaugasson commented Feb 22, 2021

No, you didn't explain it here either, where I get the secret seed. Certainly I know my passwords and it's obvious where to put them. But I figured it out on my own - from my 3FA app. I already have 3FA active and don't want to turn it off and on again. I just need to enter proper values. Your instructions are for privacy-unaware people who do not care about MFA. Still, there are also people who already have 3MFA turned on and just need to enter values, not turn features off/on, which will require an uncomfortable password change and also other sensitive data changes - this is too much hassle instead of just entering proper values. And these values exist and you don't need to turn these features off/on.
Anyway, I'm using the app now via Flatpak and it sounds promising.

@vladimiry
Owner

vladimiry commented Feb 22, 2021

You can't get the secret seed of 2FA without re-enabling the feature at the @ProtonMail side. I understand that it's a hassle, but you/the-app can't generate the 2FA token without having the secret seed.

Anyway, you have the option of using the above-referenced persistent sessions feature. This way you just enter what @ProtonMail asks for, the same way you do in the browser, not saving any credentials in the app.

> this is too much hassle

I'm now considering enabling the persistent sessions feature by default for new accounts in the next app release. And also hiding the credentials fields in a block that is collapsed by default. This should make the app use more secure and more straightforward for new users. So reopening the issue.

@vladimiry vladimiry reopened this Feb 22, 2021
@edmundlaugasson

edmundlaugasson commented Feb 22, 2021

> You can't get the secret seed of 2FA without re-enabling the feature at the @ProtonMail side. I understand that it's a hassle but you/the-app can't generate the 2FA token not having the secret seed.

No, that re-enabling was absolutely not necessary! I got easily that secret key from my MFA app (FreeOTP+).

> I'm now considering enabling by default the persistent sessions feature for new accounts in the next app release.

That might be useful for beginners :)

> And also hide the credentials fields in the collapsed by default block. This should make the app use more secure and more straightforward for new users.

I don't understand that hiding of the credentials fields. We need to enter credentials - why hide these fields? If there are no fields where to enter credentials, it is absolutely not straightforward for beginners. Perhaps I don't have a good picture of what you really mean, as I used that login window only once. If you consider this better, then we will hear that from the next beginners :)

@vladimiry
Owner

vladimiry commented Feb 22, 2021

> No, that re-enabling was absolutely not necessary! I got easily that secret key from my MFA app (FreeOTP+).

Sure, but this is true for advanced users only (you are one of them). For the average user it's described in #10.

> That hiding credentials fields don't understand.

The point is that initially the app didn't have the persistent session feature. But it got enabled in https://github.com/vladimiry/ElectronMail/releases/tag/v4.2.0 (about one year ago) and it's proven to work reliably since then. So the auto-login into the mail account scenario via the automatic @ProtonMail forms substitution becomes obsolete in favor of the persistent sessions scenario.

> Perhaps I don't have that good picture, what you really mean

I mean that users will enter the credentials manually in the @ProtonMail forms, the same way they do in the browser. The app will seamlessly remember the session using the persistent session feature, enabled by default, which means there won't be a need to enter the credentials again on the next app start. This is a more secure way of providing the auto-login into the mail account feature, since the credentials won't be stored anywhere.

@edmundlaugasson

edmundlaugasson commented Feb 22, 2021

> No, that re-enabling was absolutely not necessary! I got easily that secret key from my MFA app (FreeOTP+).

> Sure, but this is true for advanced users only (you are one of them). For average user it's described in #10.

Well - just open FreeOTP+, or whatever app is used, and look into it :) Certainly I don't know other apps, but at least FreeOTP+ shows it pretty nicely. Certainly you need to open the Edit option under the 3-dot menu in FreeOTP+. I guess the situation nowadays is that whoever knows the mouse right click or can open Settings is already an advanced user :)

Anyway, it sounds like a great app so far; I especially like the app.protonmail.ch feature, not only for ProtonMail but also for the other Proton apps. I've tried to convince ProtonMail support to offer these additional apps (Calendar, Drive, etc) also over .ch, but so far they haven't done anything and I've been asking for many months already, possibly a year ago...

@vladimiry
Owner

vladimiry commented Feb 22, 2021

> Well - just open the FreeOTP+, or whatever app is used, and look into it :) Certainly I don't know other apps, but at least FreeOTP+ is showing it pretty nicely. Certainly you need to open the Edit option under 3-dot menu in FreeOTP+. I guess nowadays situation is, that who knows mouse right click or can open Settings, is already advanced user :)

That's correct: all those phone / mobile 2FA apps store the secret seed and, when needed, generate the one-time 2FA token from it. The app does the same but without the phone. But I don't really want to jump into the position of explaining to users how to extract the secret seed from all those 2FA mobile apps.

@vladimiry
Owner

vladimiry commented Feb 22, 2021

This is how the account edit form is going to look since the next app version (the persistent sessions toggle enabled by default and the credentials block collapsed by default, since it becomes obsolete).

[screenshot: form]

The change is implemented in 93186ba but not yet merged into the master branch.

@edmundlaugasson

edmundlaugasson commented Feb 24, 2021

Credentials are NOT becoming obsolete, because there are STILL some persons LIKE me, who DO USE 3FA (login user/password, 2nd factor, inbox password)! Such an approach will decide INSTEAD of users that they should consider abandoning that higher security and sticking to the one-password approach....
The same degradation seems to be connected with the .ch vs. .com topic. As ProtonMail itself says, this IS important, and thank you that you also respect that! Otherwise I would consider NOT using ProtonMail.

@vladimiry
Owner

vladimiry commented Feb 24, 2021

I would like to understand why you interpret the change this way. Because it's not about discouraging the users from having the 2FA + mailbox password activated in addition to the mail password. But about encouraging the users to enter the credentials manually, the same way they do in a regular browser, rather than storing the credentials in the app. The primary purpose of the app is not about storing the credentials; there are better solutions for this need.

Storing credentials in the app is no longer necessary for the auto-login into the account functionality, since the app provides the persistent sessions feature starting from https://github.com/vladimiry/ElectronMail/releases/tag/v4.2.0.

So putting the credentials into the block that is collapsed by default and marked as "obsolete" is aimed to make all the users aware that it's, in general, better not to store the account credentials in the app. Obsolete doesn't mean that the feature is planned for dropping.

@vladimiry
Owner

vladimiry commented Feb 24, 2021

@joshirio, I would also appreciate your opinion on the change described in the above message #138 (comment).

@joshirio
Contributor

joshirio commented Feb 25, 2021

> @joshirio, would also appreciate your opinion on the change described in above message #138 (comment).

100% agree with your points here. Storing credentials, especially 2FA seed, is less secure than a session token which can be revoked at any time from the Protonmail website. I also don't understand why this shouldn't obsolete the legacy login method. It has only advantages.
