Lost access to my Proton account because of a bug

I changed the passphrase of my Proton account and everything went smoothly. I threw away my note with an old passphrase and 2 days later it turns out that my passphrase didn’t even change…

I’m logged in to Proton Pass on my phone and enabled biometrics inside the app, so I can at least get all the data out of my password manager, but is there a way to get access to the contents of my Proton Drive or Proton Mail?

I have Proton VPN and Proton Pass on my Pixel and both are signed into my account with enabled biometrics for authentication.

Contact support? Maybe they can do something for you while you are still logged in on some devices.

4 Likes

Already did, really hope that they will be able to help.

Do you mean a physical note (piece of paper) or a note in Proton Pass or Bitwarden or somewhere? Most password managers I’ve used have revision history, and also don’t immediately permanently delete deleted entries (usually a trash folder first). On the off chance that your note was stored in a password manager, it may be recoverable.

1 Like

You can also try the recovery method if you have set it up.

2 Likes

This is precisely why Proton has implemented different recovery methods, such as the recovery phrase that you should always save. Creating an emergency kit is essential. Also, you should always try to remember your passphrase, and saving a copy in your password manager could also be useful.

3 Likes

Physical note, unfortunately.

Sorry to hear that. I hope you are able to find a solution. I’ve come extremely close to losing access to my password manager before (did lose access for a few weeks), so I can empathize with the stress this causes. Hopefully Proton support can be of assistance.

2 Likes

@Lukas not sure if this works but…

If you are signed into Proton Pass, have you tried going to the account management part in the app, setting up a recovery email, and then using the recovery steps for Proton email and/or drive?

Proton will always have the ability to recover an account, so I’m not worried about that. What’s important to me is the data, especially the photos in Proton Drive…

I can recover the account, but data would stay encrypted.

Ahh I misunderstood. I did not realize the massive difference there is between resetting your password and changing your password.

As others have said, I hope Proton Support is able to help resolve that issue.

If you have a recovery key you can recover the data with that too. I have tested that before 🙂

Good reminder to test your data recovery.

Note that if you reset your password using your recovery phrase, you’ll automatically restore full access to your existing messages and other encrypted data.

I have really enjoyed KeePassXC vaults distributed on pCloud across my and my wife’s devices. I have a relatively common but complex master password that I pair with either my or my wife’s hardware key.

If one of us loses their hardware key the other can open it. You could just have two or more hardware keys if you don’t trust anyone that well and just have multiple copies across devices.

In this case at least you had a session for Proton Pass.

The number of vault copies, hosting the encrypted blob on a third party server, and having multiple hardware keys (other human optional) may not fit all threat models, but it’s airtight for my needs, and mostly my needs are I lose shit all the time like this!

1 Like

Happened to me recently.

Proton Pass has not wised up to how people expect it to be used.

They should almost never log you out of actively used intimately personal devices, especially cellphones because you risk a total lock out.

I eventually resorted to using my recovery email that I was to remove. Thank God I am lazy.

Did you remove it now? I don’t have a recovery email but …

No. I don’t think I will for now.

If someone is an idiot like me and also lost access and is still logged in to either Proton Pass or Proton Mail, then you can ask for a reset.

Go to settings and try to change your password. At the bottom you will see an option that you can press if you don’t remember the current password. Press that and your account will be recovered in 3 days. In that time, Proton will send notifications to all of your devices and your email to warn you about this.

If this feature doesn’t fit your threat model, disable it on the web.

4 Likes

So what’s the actual bug here? This sounds like a user misunderstanding or user error, not a bug with Proton’s systems.

I don’t plan on changing my password anytime soon with them, but if it’s a bug, I’d like to know what to look out for if/when I do make that change.

Password changing process went fine, but the password didn’t change. So it was some kind of a bug.

If I understand correctly, because the change did not work that forced you into doing a password reset which then de-activated the encryption keys, correct?

My understanding is that only a password reset (not change) could lead to the encryption issue you were running into, which is why I want to clarify if I understand.