Is 2fa necessary for email?

I’m deciding on whether to use Proton or mailbox.org as my primary email provider. mailbox.org is my preferred choice, as it’s cheaper (I don’t use e2ee (I send emails to family members who use Gmail, or to people who don’t use OpenPGP)).
I was concerned, however, about the lack of 2fa authentication for accessing the email through imap/smtp. Is it a valid concern? I use 2fa for all the other important accounts.

1 Like

I would say yes, 2FA is necessary on your email. It’s probably tied to many accounts and registrations. Especially if you don’t use aliasing. If a bad actor gains access to your primary mail, it could potentially have big consequences for your accounts.

Mailbox is great, but the lack of its own client and the bad implementation of 2FA made me leave the company. But that’s a personal matter; the service is great tho, never had any problems.

8 Likes

mailbox has a weird 2fa implementation but the result is “similar” to specific-app-password.
You log on to your web interface with username and pin+otp (or pin+yubikey); for other services like imap, drive, xmpp, you use your username/password.

1 Like

Yes but you can use proton mail or tutanota anyway

mailbox.org is barebones. All it is good for is that the service presumably does not monetize the data of its users. There are better choices out there for actual mail, but mailbox.org is best used for servers to set up SMTP notification if certain services go down in your self-hosted servers or in the cloud.

I use a Yubikey for mine. Your email is a main “key” to all of your accounts. Someone gets access to that, they can reset passwords to your accounts, including your bank account.

4 Likes

Much like @in_the_city stated, having MFA enabled on your e-mail is most likely the most important MFA you will have.

It’s the center of it all.

2 Likes