Two-factor authentication on ProtonVPN
Two-factor authentication (2FA) adds a layer of security to your ProtonVPN account by requiring an extra verification step during login. Currently, ProtonVPN supports the one-time password (OTP) protocol, so accounts with 2FA enabled will be prompted to enter a 6-digit code upon logging in. This 6-digit code is generated by an OTP app installed on your mobile phone.
This means that even if an attacker somehow gets hold of your password, they still cannot get into your account without also having access to your mobile phone. We recommend enabling 2FA to keep your account secure.
ProtonVPN apps do not prompt users for 2FA during login because they do not keep any logs of user data. Thus, there is no sensitive information to protect. However, 2FA can be implemented to protect your Account settings, which contain critical information, such as your payment details.
To use 2FA, you must have access to a second device with an OTP or authenticator application installed on it. This authenticator app will create one-time passwords for you to use as your verification codes when you log in. Below you will find some different app options. You must install an authenticator app on your mobile phone before you can use 2FA.
Setting up Two-Factor Authentication in ProtonVPN
- Log in to your ProtonVPN account. You can find a link to your account in the ProtonVPN app, or you can follow this link: https://account.protonvpn.com/.
- Navigate to Account in the menu bar on the left.
- Slide the toggle switch below Two-factor authentication so that it is on the ✔.
- Open the authenticator app you have chosen on your mobile device and select the option to scan a QR code, or manually enter the authentication key. To scan the code, point your device’s camera at the QR code seen in your ProtonVPN account. (Note: the image below is a demo, do not scan it. Scan the image shown in your account.)
- You will see the following modal that requires you to enter your ProtonVPN account password, along with the one-time passcode that your authenticator application is currently displaying.
- ProtonVPN will also provide you with several one-time use recovery codes. Please save these codes in a secure place and do NOT lose them. If you ever misplace or lose your authentication device (mobile phone, etc.) these codes will be the only way to log into your account. When you are logging in and ProtonVPN asks you for the 6-digit authentication passcode, you can enter a recovery code instead.
Note: Each code can only be used once, and they must be used in the listed order, so please save all the codes.
How to authenticate from multiple devices
To receive six-digit authentication passcodes on multiple devices — say, your phone and your tablet — you must have an authentication app installed on each device. Then follow the steps below:
- If you have already enabled two-factor authentication, you will need to disable it.
- Navigate to Account in the menu bar on the left, then slide the toggle switch below Two-factor authentication so that it is on the ✔.
- Scan the QR code using the authenticator app on each device. You can also take a screenshot of the QR code and save it to scan with your other devices later.
Alternatively, instead of scanning the QR code, you can click the “Enter key manually instead” button. You will be given a key that you need to enter manually in the 2FA app.
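Why scanning the same QR code on several devices, or typing the key by hand, gives every device the same passcodes, shown as an added example that is not ProtonVPN's code. It assumes the standard time-based OTP algorithm (RFC 6238 with HMAC-SHA-1, a 30-second step and 6 digits) and the common otpauth:// QR format; the URI, account name and key are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the kind of otpauth:// URI an enrollment QR code typically
# encodes. The secret is the RFC 6238 test key, not a real account key.
SAMPLE_URI = ("otpauth://totp/ExampleVPN:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleVPN")

def decode_key(text):
    """Decode a base32 key as typed by hand: spaces, lower case, no padding."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def key_from_uri(uri):
    """Extract the shared secret from an otpauth:// URI (what a QR scan yields)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    return decode_key(parse_qs(parsed.query)["secret"][0])

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 code for a given time (HMAC-SHA-1 defaults are an assumption)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def accepts(key, code, unix_time, drift_steps=1, step=30):
    """Verifier side: allow small clock drift, compare in constant time."""
    return any(hmac.compare_digest(totp(key, unix_time + d * step), code)
               for d in range(-drift_steps, drift_steps + 1))

if __name__ == "__main__":
    phone = key_from_uri(SAMPLE_URI)                                # scanned the QR
    tablet = decode_key("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")  # typed the key
    now = 59
    print(totp(phone, now), totp(tablet, now))          # same code on both devices
    print(accepts(phone, totp(tablet, now), now + 20))  # next 30 s window
    print(accepts(phone, totp(tablet, now), now + 600)) # code from 10 minutes ago
```

Because the QR code and the manual key both carry the account's shared secret, a saved screenshot of the QR code deserves the same careful storage as the recovery codes.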
If 2FA is not working, please check the following article for the most common 2FA login problems.