Device-based recovery

Device-based recovery is a data recovery method that lets you restore access to emails, calendars, contacts, and any other encrypted data on your account after a password reset by signing in on a trusted device.

To fully secure your account against password loss, you should also enable at least one password reset method.

In this article

• How it works
• How to use device-based recovery
  • Add a trusted device
  • Remove a trusted device
  • Disable device-based recovery
• Recover your data with device-based recovery
• Is device-based recovery safe?

How it works

Device-based recovery works by saving a recovery file on your trusted devices. If you lose access to your data after a password reset, signing in to your Proton Account on a trusted device will activate the recovery file and recover your data.

• A trusted device is any device on which you enabled the “keep me signed in” feature.
• When enabled on a Proton web app, the recovery file is saved to your browser’s web storage.

Device-based recovery unlocks your account data, but it can’t reset your password.

Learn how Proton account recovery works

How to use device-based recovery

Enable device-based recovery

Device-based recovery is enabled by default. Here’s how to re-enable the feature if you turned it off previously:

1. Sign in to account.proton.me and select Settings ⚙️ → All settings.

2. Select Recovery from the sidebar and scroll to Device-based recovery.
3. Turn on the Allow recovery using a trusted device toggle.

You can now recover your data by signing in on a trusted device.

Add a trusted device

When device-based recovery is enabled, signing in to your Proton Account with the Keep me signed in feature automatically adds that device and browser to your trusted devices.

1. Go to account.proton.me/signin.
2. Enter your username and password.
3. Make sure Keep me signed in is checked, then click Sign in.

Keep me signed in is also available on some Proton mobile apps.

That’s it. A recovery file has been automatically saved to your browser’s web storage, and it can now be used for device-based recovery.

Remove a trusted device

This deletes the recovery file from your browser’s storage, so it can no longer be used for device-based recovery.

1. Sign out of your Proton Account on the device and browser you want to remove.
2. You’ll see a pop-up about recovery-related information. Check the box that says Delete recovery-related information.
3. Click Sign out to confirm.

All done. The browser has been removed from your trusted devices.

Disable device-based recovery

There are two ways to disable device-based recovery:

Disable device-based recovery without voiding recovery files

Use this option to disable device-based recovery temporarily. It doesn’t delete the recovery files saved to your trusted devices, so you won’t have to re-add them once you turn it back on.

1. Sign in to account.proton.me and select Settings ⚙️ → All settings.

2. Select Recovery from the sidebar and scroll to Device-based recovery.
3. Turn the Allow recovery using a trusted device toggle Off.

Device-based recovery is now disabled. If you turn the feature back on, your trusted devices will be re-enabled automatically.

Disable device-based recovery and void all recovery files

This will disable device-based recovery, remove all trusted devices, and void any recovery files you saved manually.

1. Sign in to account.proton.me and select Settings ⚙️ → All settings.

2. Select Recovery from the sidebar and scroll to Recovery file.
3. Click Void all recovery files.

4. Read the warning. If you’re sure you want to continue, click Void.

5. Enter your password to confirm.

Recover your data with device-based recovery

If you reset your password with email or SMS recovery and can’t access your account data, just sign in to any Proton web app on a trusted device.

This will decrypt your data, giving you full access to your emails, calendars, contacts, files, and passwords.

Make sure you use the same browser where you previously signed in (and checked “Keep me signed in”).

Learn how data recovery works

Is device-based recovery safe?

Yes. Your Proton Account OpenPGP encryption keys are stored on your device in a recovery file. The recovery file is encrypted using a randomly generated symmetric encryption key. We call this derived key the recovery secret, which is uploaded to our servers.

When you unlock your account using device-based recovery, the recovery secret is downloaded to your device and used to decrypt your Proton PGP keys. At no point does Proton have access to your account keys. 

If you delete the recovery secret from our servers (by removing a trusted device), the recovery file becomes completely useless.