Proton Mail is a privacy-focused email service that uses end-to-end encryption, meaning only the sender and recipient can read the content of an email. It also offers zero-access encryption, meaning Proton itself cannot access the contents of emails. This focus on security and privacy makes it a popular choice for individuals and organizations seeking to protect their communications

Once you have registered your FIDO2 key with Proton, the key will be ready to be used as an authentication method when accessing your account;

Register your FIDO2 key in your Proton Mail account

Before you can use your FIDO2 key as an access method for your Proton account you will need to register the key with Proton using the following procedure;

• Click here for instructions for how to register your FIDO2 key with Proton ...

  Log in to your Proton Mail account, then select "Proton Mail";

  

   Click on the setting icon (), then  click on the button;;

  

  In the left hand column of the page, click on the menu link "Account and password"; 

  

  Next, scroll down to the section "Two-factor authentication";

  

  Before a Fido key can be used as an authentication method you will first need to ensure that the authenticator app option is enabled (this will allow authentication either using an authenticator app, or via a hardware token.

  If your Security key 2FA option is greyed out (as in the example above), then you will first need to add an authentication app (or hardware token) using the following procedure;

  • Click here for instructions on adding a backup authentication method ...

    Log in to your Proton Mail account then select "Proton Mail";

    

     Click on the setting icon (), then click on the  button;;

    

    
    

    In the left hand column, click on "Account and password";

    

    Then scroll down to the section "Two-factor authentication", and at the prompt "Authentication app", enable this feature by clicking on the slider (indicated below);

    

    A window will now open requesting your password;

    

    Supply your proton mail password, then click .

    A new window titled "Set up two-factor authentication" will now open;

    

    Click , and you will be presented with a QR code;

    

    You can use the QR code to program our programmable tokens using the instructions found in the following procedure;

    • Click here to expand...

      To program a SafeID/Diamond or SafeID/Pro token with a QR code, launch the SafeID/Diamond programming tool.  

      

      
      

      Click the Scan QR Code button 

      Click here for instructions on Scanning QR Codes ...

      Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.

      You can scan the screen for a QR code, or load from a file.

      

      If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).

      If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app.  In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated.  To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.

      

      
      

      Select Scan Screen.

      If succeeded, the Seed box should be filled with the token's seed data.

      

      
      

      Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

      

      
      

      Press the Connect button

      

      
      

      Now, switch on a SafeID token and place it on the reader. 

      The tool will read out the token's serial number and time, and display them:

      

      
      

      If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.

      Press the Burn button

      

      
      

      The token is successfully programmed.

      Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)

      

      Related Articles

      • Programmable Tokens and keys
      • Hardware Tokens
      • NFC Card Reader
      • Checking and resolving time drift on a windows computer
      • How to generate QR codes for authenticator apps or programmable tokens
      • How to extract seed data from a QR code using a PC

    Verifying your token

    Once you have programmed your token you will need to verify it with Proton Mail.

    Click , and you will be asked for the 6 digit OTP code;

    

    Enter a code from your programmable token and you will be provided with a backup codes (these codes should be stored for emergency use);

    

    You are now ready to use your programmable token as an OTP source when you next log in to your proton mail account.

    Related Articles

    • OTP Tokens
    • Programmable Tokens and keys
    • NFC Smart Card Reader
    • How to use SafeKey as a FIDO2 passkey with Proton Mail

  Once you have added the backup authentication method (Authenticator app or programmable token), the first option ("Authenicator app") will be ticked, and second ("Security key") will be available (example below);

  

  To enable logon using a Fido2 key,  enable the slider "Security Key", enable this feature by clicking on the slider (indicated below);

  

  You will be prompted to enter your Proton password, enter your proton password then click ;

  

  Now enter an OTP code (either from your authentication app, or programmable hardware token);

  

  
  

  Once the OTP code has been entered you will be ready to register your Fido2 key, click ;

  

  You will now be presented with a list of possible passkeys, select "Security Key", then click ;

  

  You are now notified that access to google will be prepared with your Fido2 security key - click  to proceed to the next step;

  

  Google will now ask permission to examine your Fido2 key, insert the key into a USB port then click ;

  

  You will mow be asked to touch the button on your key (if your model has a fingerprint reader you may be asked to provide a finger swipe instead);

  

  Provided you press the button on the Fido2 key in the allowed time, the passkey details will be stored on your Fido2 key, and you will be presented with the following confirmation;

  

  You will now be offered the opportunity to name your security key.

  In the field "Key name", supply a suitable name then click

  

  You will now be notified that the security key has been registered, click

  

  Your Fido2 key has now been registered with Proton mail, and is ready to be used when logging on to the application;

  

Signing in to a Proton Mail portals with your FIDO2 key

Once you have registered you FIDO2 key with Proton the key will be ready to be used as an authentication method when accessing your account;

• Click here for an example of accessing Proton using your Fido2 key ...

  Unable to render {include} The included page could not be found.

  
  

Related Articles

• FIDO U2F Security Keys
• Using programmable hardware tokens with Proton Mail MFA