> And as for those who can't store their own password securely, they shouldn't be using Proton in the first place.
I think that the strongarming is a result of them actively trying to target the layman, them not wanting complaints from newbie users who lose their password. Not that that justifies it of course.
> couldn't you just make another proton email and link them
I thought about this, but no, that would fully compromise the data stored in both accounts. This is because the new recovery message would be intercepted by Proton, relayed to the attacker, and then it's game over, first for the first account, and then similarly for the second account. The encryption of Proton applies only to historical messages.
Calling this strongarming seems more than a bit hyperbolic. It makes sense why they'd want people to add recovery options. I'm sure they get a lot of support requests for people locked out of accounts. Personally, I'd want recovery options for my email account, even at the cost of increasing my attack surface. It's a worthwhile tradeoff for me, and I suspect it is for most users too.
6 comments
[ 2.9 ms ] story [ 20.3 ms ] threadI think that the strongarming is a result of them actively trying to target the layman, them not wanting complaints from newbie users who lose their password. Not that that justifies it of course.
I thought about this, but no, that would fully compromise the data stored in both accounts. This is because the new recovery message would be intercepted by Proton, relayed to the attacker, and then it's game over, first for the first account, and then similarly for the second account. The encryption of Proton applies only to historical messages.
I would be very surprised to find more than 20% of Proton Mail users sharing this viewpoint.