how would a recovery email work, if Proton themselves were unable to encrypt it?
- user loses password
- a reset password link must be sent somewhere the user can access.
- Proton (or any provider) must be able to send email to user@example.com
hopefully, Proton encrypts the recovery email at rest and in transit. however, to effect recovery, they need to be able to decrypt it.
what can be done?
one can refuse to enter the recovery email.
then, take their chances that their password backups and such would prevent the need. else, provide a recovery email that is equally resistant to connection back to the user.