Did I get that unlucky and get assigned a bad IP?
Its mobile data btw.
And I don’t wanna point fingers and blame Proton, but like… c’mon,
First of all, its a real IP address,
Second, even if it were a VPN, so what, your company literally runs a VPN lol, kinda ironic.
And its also a paid account, and I rarely (almost never) send outgoing emails.
But again, this is just a small annoyance, I generated a new password in Keepass and its seems fixed.
The alert seems to indicate a compromised account, this can mean a lot more than “a bad IP”. Your account may have shown up in a “dump” and they took action to ensure your safety. Have you tried putting your email address into HaveIBeenPwned. While the normal recommendation would be to not put your email address in a random web form, this site is actually run by a well known security researcher and just lets you know if you have shown up in such a dump in the past.
Another possibility would be that they have seen a major change in your IP geolocation in a short time. This is referred to as “improbable travel” and it’s something which many security departments take action on. If you login from an IP address which is associated with Paris, France and then an hour later are logging in from Dubai, UAE, this is going to be flagged. Sure, you might travel between those two locations, but you ain’t doing it in an hour. So, your account gets flagged as possibly compromised.
Right, but they may not know that you are using another VPN. So, continuing the issue above of “improbably travel”. If you are on Proton’s VPN, they know all of their exit IP address and likely take them into account. But, if you are using a different company’s VPN, Proton likely doesn’t know all of that company’s exit IP addresses and so can’t account for them. Consider the situation from their perspective:
No matter what, Proton is going to lose out a bit to you being unhappy. However, if they force the password reset, the worst case is you being slightly annoyed about a password reset. By not taking action, they risk your account being fully compromised, which can be very, very bad for you. So, they are likely to be more proactive in forcing a password reset than you might like. This will be especially true if you do not have any sort of two-factor authentication setup. If the whole game is lost by one password being lost, any whiff of that password being compromised will result in a password reset.
Ultimately, it is am annoyance but one which is actually positive for you. They take your email security seriously enough that, when their system detected something, they took action to keep you safe.
Yeah, make sense, this is exactly what mildlyinfuriating is lol, not something that ruins your life, just a slight annoyance that might or might not be anyone’s fault, just unfortunate circumstances of the world (the unfortunate circumstance of the fact that fraudsters and hackers exist)
Ya, I just find that the mildly infuriating things can be less so by knowing why they are happening. As someone who regularly resets user passwords professionally (not for Proton), I figured I could give some insight into why this happens.