Stephen Foskett, Pack Rat

Understanding the accumulation of data

Go Get a ProtonMail Account and Protect Your Online Life!

July 19, 2017 By Stephen

I don’t usually advocate for specific products, but I’m 100% on board with this recommendation: Stop what you’re doing, go get a ProtonMail account, and use it as the verification account for your online self! ProtonMail is much more secure than any other mail provider and is the ideal place for password resets and bank account statements. Best of all, it’s free!

ProtonMail offers various account tiers and options, but the free account is good enough to be a “backstop” for account verification

Insecure Email

Email is not secure. Even with TLS and good passwords, it’s far too easy to snoop, phish, or stumble into someone’s email account. And this is especially true of our “daily” email accounts: If you’re receiving email on your phone, iPad, and computers at home and work, you’re leaving yourself vulnerable to account hijacks.

There’s really no way to fix this, and it’s not Google’s fault or anyone else’s. You want your email to be accessible whether you’re at home, at work, or on the road. And it’s useful to have email alerts “bust through” your lock screen.

This is one reason email is fundamentally insecure. Since you want it to work everywhere and go everywhere, it’s designed with the lowest common denominator in mind. So email protocols are fundamentally insecure by design. It’s a feature, not a bug!

But we don’t just use email to chat and do business. We also use our email accounts as a verification factor for password resets and to receive intensely personal information from our banks, doctors, and so on. I don’t blame these sites for using email addresses for security: Email is the only universal account, and I much prefer emailed verification to some kind of proprietary authentication, handing over even more power to Facebook, Google, or Twitter!

Get a “Backstop” Email Account

It’s time to stop mixing communication and authentication in the same email account.

The solution is simple: Get another email account for security-related functions. You can keep using your regular email for regular communication, but redirect security and financial information to a secure account.

If someone were to hack into my email, they’d hit the Gmail account since that’s all that’s set up on my iPhone, iPad, and MacBook. When I need to change a password or verify my credentials, I manually log in to my secure account using a web browser.

Many people use another provider for this sort of thing already. I long used a quiet Yahoo account for verification rather than my familiar Gmail-powered fosketts.net address. But after the recent Yahoo hack I stopped using this account and went looking for something better.

ProtonMail is a Great Backstop

I wanted to find a new account for security and authentication that was really secure:

  • Encrypted at rest with serious security on the back-end
  • Support for complex passwords and two-factor authentication
  • Compatible with ordinary SMTP for incoming and outgoing mail
  • No need to access from ordinary applications or standard IMAP protocol
  • An iOS application would be nice as long as it’s secure too
  • Located in a trustworthy location and legal jurisdiction, and developed by credible people
  • Cheap or free and managed (so I have less work to do)

ProtonMail checks all the boxes for me. It’s a secure email account in Switzerland with end-to-end encryption developed by CERN researchers. Internet email is exchanged using standard protocols but is encrypted using per-user private keys for storage. ProtonMail staff can’t access the contents of a mailbox even if they wanted to, and Switzerland has very strong notification and review laws.

Access to each email account uses a second key, which is decrypted on the client side using the account password. Email can be accessed through a browser-based application or mobile application for iOS or Android. And ProtonMail supports two-factor authentication standards, including Authenticator.[1] ProtonMail even supports encrypted and authenticated account-to-account communication, but this isn’t one of my requirements.
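A simplified model of the storage scheme described above, as an added example that is not from the original post and is not ProtonMail's code: it uses Node's built-in crypto module rather than ProtonMail's actual formats, and the function names (createAccount, storeIncoming, readMessage) are hypothetical. It shows that the server holds only a public key, a password-locked private key, and ciphertext.

```javascript
// Added illustration: simplified model of password-locked mailbox storage.
// Not ProtonMail's code or formats; all function names are hypothetical.
const crypto = require('crypto');

// Account setup, run on the client: the private key is encrypted under the
// account password before anything is handed to the server.
function createAccount(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: password,
    },
  });
  return { publicKey, wrappedPrivateKey: privateKey }; // all the server keeps
}

// Server side: mail arrives over standard protocols, then is encrypted for
// storage. Only the holder of the unlocked private key can reverse this.
function storeIncoming(account, plaintext) {
  const key = crypto.randomBytes(32); // fresh per-message AES key
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: account.publicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, body, tag: c.getAuthTag() };
}

// Client side: the password unlocks the private key, which unwraps the
// per-message key. A wrong password throws at the first step.
function readMessage(account, stored, password) {
  const priv = crypto.createPrivateKey(
    { key: account.wrappedPrivateKey, format: 'pem', passphrase: password });
  const key = crypto.privateDecrypt(
    { key: priv, oaepHash: 'sha256' }, stored.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, stored.iv);
  d.setAuthTag(stored.tag);
  return Buffer.concat([d.update(stored.body), d.final()]).toString('utf8');
}
```

The password never appears in anything `createAccount` or `storeIncoming` returns, which is why a copy of the server's stored data alone does not expose the mailbox.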

To be clear: You cannot access ProtonMail from a regular mail client. You have to use their webmail or mobile apps. And that’s a feature, not a bug, since it means that all mail access is secure, end-to-end!

In practice, ProtonMail has worked out great for me. I can use my account as the verification email for pretty much any online service and I feel much more confident that it won’t be hacked.

Since I only use my ProtonMail account for verification and authentication, I’m not as concerned with some of the peculiarities of the service. The iOS app works great, but it’s not integrated with everything else on my iPhone like Apple’s Mail app, and I have to enter my Authenticator code fairly frequently, slowing down access. But that’s not a hassle since I only use ProtonMail once every week or so. And they support desktop and mobile notifications, so I know when I need to log in.

Stephen’s Stance

It’s an easy decision: Get a free ProtonMail account and use that as your verification address for important financial and social media accounts. Keep using whatever email account you like for regular communication, but don’t mix security and communication!

  1. They don’t yet support FIDO U2F, but I’m not a YubiKey or Trezor user, so that’s not a worry.
