Two-factor authentication on Proton VPN

Two-factor authentication (2FA)(nuova finestra) adds an additional layer of security to your Proton VPN account by requiring a second round of verification to the login process. To use 2FA, you must have a device with an authenticator app installed on it. The authenticator app creates a one-time, 6-digit code to use as a verification code when you log in.

This means that even if an attacker gets a hold of your password, they cannot log in to your account unless they also have access to your mobile phone. We recommend enabling 2FA on your account to keep your account secure.

There are many authenticator apps to choose from, but we recommend using Proton Authenticator(nuova finestra), a free and open source app from Proton that allows you to:

• Access your 2FA codes on mobile and desktop apps, even offline.
• Sync your 2FA codes to all your devices with end-to-end encryption.
• Enable automatic backups for peace of mind
• Easily import from other 2FA apps, or export from Proton Authenticator.
• Protect your account with biometrics or a PIN code.

Learn how to use Proton Authenticator(nuova finestra)

You can now also generate 2FA codes using Proton Pass(nuova finestra).

How to set up 2FA

To set up 2FA in your Proton VPN account:

1. Sign in to your Proton VPN account at account.protonvpn.com.

2. Go to Account → Two-factor authentication and toggle the Authenticator app switch on. You’ll be asked to provide password authentication.

3. Click Next to start your 2FA setup.

4. Open your authenticator app on your mobile device, and scan the QR code with your device’s camera.

Note: Do not scan the demo image shown below. Scan the image shown in your account settings.

If you prefer, you can enter the authentication key manually by selecting Enter key manually instead. Use this method for 2FA using the Proton Pass browser extension.

Once you have successfully added your Proton VPN account to your authenticator app, click Next.

5. Enter The one-time 6-digit code generated by your authenticator app, and click Submit.

6. You’ll also receive several one-time recovery codes. Please save these codes in a secure location. If you lose your authentication device, you can enter a recovery code instead of a one-time code generated by your authenticator app. You can only use each recovery code once.

Your 2FA setup is now complete. You can now use the authenticator app on your mobile device to create 6-digit verification codes to access your account.

How to reset 2FA

If you loose access to your Authenticator app (for example, if you lose your phone), you can reset your Proton 2FA. To do this:

1. Sign in to your Proton VPN account at account.protonvpn.com. When you’re asked for a 2FA code, use one of the one-time recovery codes that you saved in Step 6 above.

2. Go to Account → Two-factor authentication and toggle the Authenticator app switch off.

3. Click Disable and provide password authentication.

Once done, your old 2FA codes will no longer work. We strongly recommend setting up 2FA again once you have access to an Authtenicator app. To do this, you’ll need to repeat the process described above.

How to use 2FA with multiple devices

If you wish to receive your 6-digit verification codes on multiple devices — for example, your phone and your tablet — you must install an authentication app on each device.

If you’ve already enabled two-factor authentication, you’ll need to disable it first.

1. Log in to your Proton VPN account at account.protonvpn.com.

2. Go to Two-factor authentication and toggle the Authenticator app switch off. Click Disable and provide password authentication.

3. Toggle the Two-factor authentication switch back on and configure 2FA as described above. At step 4, all devices you want to use to authenticate 2FA must be configured at the same time and using the same QR code or manual authentication key.