New features to keep your FastMail account even more secure (http://www.emaildiscussions.com/showthread.php?t=71922)

sflorack 26 Jul 2016 12:07 AM

Quote:

Originally Posted by langreisboete (Post 595415)
Why would you prefer the current situation above the opposite one?

We can develop hypothetical scenarios to justify either option. My scenario was based upon my assumption of what FM was thinking, and that the average user doesn't use untrusted computers three times a week.

Honestly.. I could care less what FM opts to do. I don't use untrusted computers. If I'm staying at a hotel and need to print something, I forward the email to a garbage Yahoo account and print it from there.

My initial reply to glass was more a rub of his "have fun unticking the checkbox every single time you login for the rest of your life" comment. I appreciate the sensationalism, but it's a checkbox......

ChinaLamb 26 Jul 2016 12:16 AM

Quote:

Originally Posted by RickNY (Post 595420)
Is this why FastCheck stopped working for me this morning? I've tried using app passwords for it, and it still doesn't work. My iOS Mail client continues to work, as well as Outlook - without making any changes.

FWIW -- my FM account is @sent.com

.... and I never received any sort of email regarding these changes.

Yeah... no announcement at all... :(

Blog post should explain most.

blog.fastmail.com

janusz 26 Jul 2016 12:29 AM

Quote:

Originally Posted by ChinaLamb (Post 595423)
Blog post should explain most

If you know about the blog... :mad:

ChinaLamb 26 Jul 2016 12:32 AM

Quote:

Originally Posted by janusz (Post 595426)
If you know about the blog... :mad:

That's why I posted it.

This was flubbed by Fastmail...

Communication has been a relatively weak point for them. I think they talk about it internally, post it on the blog, and assume they have communicated it... I just don't go to the blog much. I only knew about this because I saw it in the forums a week ago.

/cl

langreisboete 26 Jul 2016 12:55 AM

Quote:

Originally Posted by sflorack (Post 595421)

Honestly.. I could care less what FM opts to do. I don't use untrusted computers.

Exactly my point, the current situation has downsides in case you do, but the opposite one doesn't have one in case you don't.

wam 26 Jul 2016 03:43 AM

Quote:

Originally Posted by langreisboete (Post 595415)
I have to agree with glass.

The current situation is:
You have 5 computers you trust, you login without checking. You never have to recheck them again (except see below).

You go to the public computer three times a week, you have to uncheck them every single time. When you forget, you first have to notice it and second, you have to delete it from trusted computers. Except, you can only do that from that specific computer, because in the settings page it says "this computer is trusted, reset here" OR "reset all computers". You cannot reset another single computer from another computer. If you reset all computers, you have to trust them all over again, until you make the mistake for a second time. Additionally, if you do not notice it, you cannot notice it at all because there is no overview of trusted computers.

The opposite situation would be:
You have 5 computers you trust, you have to check the box once per computer.

You go to the public computer three times a week, no further actions required.

That's it.

Why would you prefer the current situation above the opposite one?

Good suggestion. I also agree that the checkbox should be unchecked by default. If for some reason I sign in from a friend's computer I don't have to remember to uncheck the checkbox; but even if I forget once to check the checkbox on a trusted computer I can always check it next time I log in.

Is there a way that I can restrict the FastMail mobile app (iOS) to sign out automatically after a week or less? If so I will add my mobile to untrusted computer and will be happy to put in TOTP Code once a week or even 3 days.

Otherwise the new security changes are excellent. I feel more secure about my emails, files, notes and contact information from now on. Good Job Fastmail Team.

Changed settings under 'Password & Security', they were easy once instructions are read carefully. I use 1password for generating code and I get about 1 minute to enter that upon logging in.

akorvemaker 26 Jul 2016 04:21 AM

2 initial thoughts:

1. I add my voice to changing the default from "trust this computer" to leaving it unchecked.

2. I can't seem to get my Yubikey set up. It worked with an alternative login on the old setup. Now I get the "Waiting for device message" and it doesn't recognize when I press it. (It works fine in Notepad, so it's not the Yubikey.)

DumbGuy 26 Jul 2016 04:34 AM

@akorvemaker : If your Yubikey is the single-factor type, it won't work beginning today. From today's blog post: "A few rarely used types of alternative login were discontinued today. If you had one of these set up, you will no longer be able to use it to log in. You will need to use your master password. The affected types are: ... Yubikey one factor (no base password) ..."

The issue with the trust-this-computer checkbox... I've seen this same problem on other sites. A great solution is to either leave it unchecked by default (as others have said above), or have a browser cookie set to remember the unchecked state from an earlier session.

akorvemaker 26 Jul 2016 04:40 AM

Quote:

Originally Posted by DumbGuy (Post 595445)
@akorvemaker : If your Yubikey is the single-factor type, it won't work beginning today. From today's blog post: "A few rarely used types of alternative login were discontinued today. If you had one of these set up, you will no longer be able to use it to log in. You will need to use your master password. The affected types are: ... Yubikey one factor (no base password) ..."

Yeah, the old Alternative Logins had the option to use just the Yubikey without any other password. That's what should be gone. I want to add the Yubikey as a second factor now. It is one of the supported options, but it doesn't seem to be recognizing mine. Thanks for the thought though!

JamesHenderson 26 Jul 2016 04:42 AM

Quote:

Originally Posted by akorvemaker (Post 595440)
2 initial thoughts:

1. I add my voice to changing the default from "trust this computer" to leaving it unchecked.

2. I can't seem to get my Yubikey set up. It worked with an alternative login on the old setup. Now I get the "Waiting for device message" and it doesn't recognize when I press it. (It works fine in Notepad, so it's not the Yubikey.)

1. Me too
2. Me too - thought this was just a fault at my end.

easemail 26 Jul 2016 05:03 AM

I’m yet another person who these changes make less secure.

I access my home computer through a wifi system that my landlord owns. It’s password protected, but is probably susceptible to attacks, so I use a 2 factor yubikey to get into my webmail.

At work I’m constantly shifting between computers that we all use. Using 2 factor auth just isn’t practical in the fast-paced environment I work in. The social repercussions of using 2 factor auth aren’t great either… it just makes you look very paranoid in comparison to others. Yes, cookies on work computers are cleared out every day unfortunately.

Alternate logins helped me function differently in different environments. Why take that away?

Is there any way of tricking webmail to take an app password? That would seriously solve all my problems.

akorvemaker 26 Jul 2016 05:08 AM

Quote:

Originally Posted by akorvemaker (Post 595440)
2 initial thoughts:

1. I add my voice to changing the default from "trust this computer" to leaving it unchecked.

2. I can't seem to get my Yubikey set up. It worked with an alternative login on the old setup. Now I get the "Waiting for device message" and it doesn't recognize when I press it. (It works fine in Notepad, so it's not the Yubikey.)

3. This gave me the kick in the pants I needed to order a FIDO U2F key :)

Overall I suspect it'll be a good change once I get used to it, but I was really accustomed to my alternate logins.

ChinaLamb 26 Jul 2016 05:11 AM

Lots of authenticator apps available for your smart phone too...

akorvemaker 26 Jul 2016 05:14 AM

Quote:

Originally Posted by ChinaLamb (Post 595451)
Lots of authenticator apps available for your smart phone too...

Well, yeah, and that's what I'm currently using. But I do like having backup options, and this gave me an excuse to buy a new toy...

wam 26 Jul 2016 05:15 AM

Revoke a client's access

The document states:

"Revoke a client's access
Lost a device? Stopped using a particular app? To revoke a password for a particular device:

Open the Settings → Password & Security screen.
Enter your password to unlock the settings.
Find your device in the App Passwords list and click the Remove button to revoke the password."

What will this do? Will it remove existing emails and contacts from the client or just stop syncing future emails and contacts but show previous emails and contacts?

I do not want to test this on my mobile.


All times are GMT +9.