ProtonPass extra password

Laurent

Hello, I have a question about the ProtonPass application. Does anyone here know a developer at proton? I forgot my extra password, I can't remember it and there's no way to reset it. It's been about three weeks since I sent a ticket to proton to see if they can do anything but I've had no reply. I've posted several messages on their reddit but they're deleted by moderation. I've lost all my passwords... I bought ProtonPass quite expensive during black friday and it would bother me if nothing could be done. I need help!

fid02

Laurent It's been about three weeks since I sent a ticket to proton to see if they can do anything but I've had no reply.

Send them a new ticket by filling out their support form. The previous one might have ended up in their spam filter for some reason or you could have mistyped the contact email address in the form.

Probably9857

Laurent

I think you're out of luck there. All their documentation indicates that you won't be able to access your Pass account if you lose the extra password. I doubt they have the ability to reset or remove it.

However, if you just set this up around Black Friday...how did you get your passwords in to Proton? Maybe you have an export file from your previous password manager sitting around, or in your computer's trash bin that you could recover?

Laurent

fid02 I have already sent several, each time an automatic message replied that he was sorry, or they ask me to update my message...

fid02

Laurent I have already sent several, each time an automatic message replied that he was sorry, or they ask me to update my message...

Did the person/message explain why they were sorry, and what you should update?

Assuming you remember your primary account password, you can sign in to mail.proton.me and send an email to support staff.

Overlay1404

Hopefully you setup some recovery methods.

If you happen to still be logged in to one of the services on a device you could try their signed-in reset option.

Probably9857

Overlay1404

I believe those methods relate to the primary account password. The OP seems to have that password, but has lost the "extra" password they set specifically for Proton Pass.

My understanding is that Proton can help you recover access to your account, but if your data is encrypted with a different/additional password, which appears to be the case here, that is a different thing. I would be surprised (and suspicious) if they could recover data without the password used to encrypt it.

Overlay1404

Probably9857

Probably9857 My understanding is that Proton can help you recover access to your account, but if your data is encrypted with a different/additional password, which appears to be the case here, that is a different thing

Correct me if I am wrong but I think you can circumvent the extra password with the data recovery options such as a recovery file or recovery phrase. These methods are specifically there to recover encrypted data. Otherwise I think Proton support is able to remove the 2ndary password from the account to allow you to use this option if it can't be automatically bypassed.

If OP happens to still be signed into a service on a device, they should also be able to use the signed-in reset options as well.

Probably9857

Overlay1404

I may be mistaken then. The OP should definitely pursue any possible solution.

Anti2030

Probably9857 Hi, sorry to hear about what happened, I had the same problem as you, I lost the additional proton pass password, I wrote to the support and explained what happened and they asked me several questions and after 24 hours, they restored my access without any problems.
Write to support on their official website.
I personally don't agree with the password reset because if someone would have tracked me or hacked my main password they would have impersonated me and got all my information.
Support can solve this problem for you, since I wrote to them, support restored my access within 72 hours.
I hope you have good luck

Probably9857

Anti2030

I wasn't the OP, but that is good news for them. Thanks for the info.

Laurent

Hello everyone, thank you for your answers! The proton team reset my additional password after I answered questions that only I could answer, questions like who are your latest correspondents on protonmail or what proton applications do you use on your phone... I couldn't send messages here earlier but thank you all. Have a good day

Laurent

Well, the thing that makes me ask questions now is that proton can access my passwords, since they can reset them...

Probably9857

Laurent

Not exactly, but it does make the extra password a bit like security theater.

The extra password is apparently not involved in the E2EE of your passwords. Proton can't read them.

The extra password is being used as a second level of authentication. Like 2FA, except that its just an additional thing you need to know.

The dumb thing IMO is that they describe the extra password as providing additional security for your passwords as compared to your email...but then they're willing to reset it based on answers to questions that anyone with access to your email could answer.

I suppose it does provide some level of additional security, but it seems like not much to me.

Laurent

Probably9857 They should consider protonpass as an application distinct from the rest, in view of what it contains

Probably9857

Laurent

I agree. Specifically, they should not use the same password for encryption.

Having your email and passwords (and maybe even 2FA codes) all in one place creates a huge single point of failure, both in terms of losing access yourself, and also the risk of someone gaining unauthorized access.