I have a hard time adding protonmail to my "generally regarded as safe" mail provider list when they haven't been able to implement Webauthn security key support (aka U2F security keys / FIDO security keys).
Yes, they support Multi-Factor authentication, but only via phishable methods (TOTP)[1]. They have been "trying" for years[2] to implement U2F but for some reason haven't been able to figure it out yet /shrug