Ok ProtonMail, this is seriously Bad

jernejadamic.medium.com

2 points by jernejzen 4 years ago · 4 comments

ggm 4 years ago

Did this account have a second factor? It's highly unusual for 2fa protected accounts to be compromised. And, proofs of possession usually come alongside the second factor: one time recovery codes.

I'm just saying that the level of paranoia which leads to ProtonMail being the recovery mail address probably leads to it needing 2FA, and strong proofs of possession. Which should permit lower bar recovery of the account: if you can demonstrate it's a false positive you can also demonstrate you are "you" in this context.

Admitting you broke the T&C suggests to me you might not want to armour up with accusations. You sure want protonmail to DTRT but you also have now conceded they can blow you off pretty much at will for breach of terms.

Totes sucks btw. I hope you regain. I also hope you have a backout plan to move account recovery mail while you still have control of other emails. Maybe Hushmail? Or Fastmail (I know, AU crypto laws).

  • jernejzenOP 4 years ago

    2FA is risky for me as I travel internationally a lot and a non-working number can be a real hassle (it happened already, I was locked out of services because of that). Verificators can also be tricky if you lose your phone...

    Honestly, having 2 accounts on PM should not be an issue (they prohibit mass creation of free accounts, but it's a bit unclear where the line is).

    So good ole email makes the most sense.

    Thanks, PM replied with some demands, so let me see..

    But it sucks, yeah.

    • ggm 4 years ago

      > 2FA is risky for me as I travel internationally a lot and non-working number can be a real hassle

      This is "2FA by SMS message". Most people use TOTP, which is an authenticator using time-based cyclic number generation from a seed.

      The 2nd factor doesn't have to be solely in a phone: Bitwarden &c can handle the TOTP. I know this weakens the value, but it does exist as an option.

      Good ole email doesn't make the most sense. It's highest risk. You're basically living in the exposure to the risk right now, howling at the moon. So, against theoretical vs actual risk, your actual risk right now is the lack of proofs of ownership to recover access to emails. (It's not your primary problem. That's being locked out.)
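
The TOTP scheme mentioned in the last comment, as an added example that is not part of the thread: a code is derived only from the shared seed and the current time (RFC 6238 over HMAC-SHA1), so no phone number or network is involved, and any device or password manager holding the seed produces the same code. The seed below is the RFC 6238 test key used as constructed sample input, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC the 8-byte counter, then dynamically truncate."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks the window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second periods so far."""
    return hotp(seed, int(unix_time) // step, digits)

def verify(seed: bytes, code: str, unix_time: float,
           step: int = 30, window: int = 1, digits: int = 6) -> bool:
    """Server side: accept codes from +/- `window` periods for clock drift."""
    counter = int(unix_time) // step
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        candidate = hotp(seed, counter + drift, digits)
        # Constant-time compare; do not stop early on a match.
        ok |= hmac.compare_digest(candidate, code)
    return ok

def seed_from_base32(text: str) -> bytes:
    """Decode the base32 seed a service shows at enrolment (spaces allowed)."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)         # restore stripped padding
    return base64.b32decode(cleaned)

# Constructed sample: the RFC 6238 SHA-1 test key, as raw bytes and as base32.
SEED = b"12345678901234567890"
SEED_B32 = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    phone = totp(SEED, 59)                       # authenticator app
    manager = totp(seed_from_base32(SEED_B32), 59)   # password manager copy
    print(phone, manager, verify(SEED, phone, 59 + 30))
```

Because the seed is the whole secret, the enrolment seed or the one-time recovery codes are what need a safe backup when travelling, not the phone itself.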
