

Here's where I am also scratching my head too. The best I can see is what they propose here:

'ProtonMail's segregated authentication and decryption system means logging into a ProtonMail account that requires two passwords. The first password is used to authenticate the user and retrieve the correct account. After that, encrypted data is sent to the user. The second password is a decryption password which is never sent to us. It is used to decrypt the user’s data in the browser so we do not have access to the decrypted data, or the decryption password. For this reason, we are also unable to do password recovery. If you forget your decryption password, we cannot recover your data.'

'Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our server and users’ browsers. Messages between ProtonMail users are transmitted in encrypted form within our protected server network.
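A local model of the two-password split the quoted text describes, added here as an illustration; it is not ProtonMail's code and not part of the comment above. The `Server` class, the function names, and the use of scrypt with AES-256-GCM are assumptions chosen for the sketch, not the service's actual scheme.

```javascript
// Added illustration: scrypt and AES-256-GCM are stand-ins (assumptions),
// not ProtonMail's actual cryptography. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Client side: the mailbox key comes from the decryption password,
// which never leaves the client.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function encryptMailbox(plaintext, decryptionPassword) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(decryptionPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function decryptMailbox(blob, decryptionPassword) {
  const key = deriveKey(decryptionPassword, blob.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  // final() throws when the key is wrong: without the password, no data.
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Server side: holds only a login verifier and the ciphertext blob.
class Server {
  constructor() { this.accounts = new Map(); }

  register(user, loginPassword, blob) {
    const salt = nodeCrypto.randomBytes(16);
    const verifier = nodeCrypto.scryptSync(loginPassword, salt, 32);
    this.accounts.set(user, { salt, verifier, blob });
  }

  // Password 1: authenticate, then return the still-encrypted mailbox.
  login(user, loginPassword) {
    const acct = this.accounts.get(user);
    if (!acct) return null;
    const attempt = nodeCrypto.scryptSync(loginPassword, acct.salt, 32);
    return nodeCrypto.timingSafeEqual(attempt, acct.verifier) ? acct.blob : null;
  }
}
```

Nothing the server stores in this model can rebuild the mailbox key, which is why a forgotten decryption password has no recovery path.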
