2FA in beta test
 

The beta test of our new Account Security interface, which includes two-factor authentication, is now starting!

Those who have asked to participate will have their accounts patched to our new production servers where the Account Security screen is available from the Account interface. We will inform each of you when this has been done.

If you would like to participate in the beta test, please contact Runbox Support.

In the meantime, Happy Holidays! :)

- Geir

2FA Beta
 

It looks like you guys pulled it off Geir. I've tested most of the 2FA features and everything looks good. RunBox team -- Great job!

Thanks for the feedback!

It took some time but I think we spent 2016 well.

Stay tuned for 2017!

- Geir

Sorry if this has come up before, but what kind of 2FA solutions do you offer? Hopefully Yubikey is one of them? :)

I have not seen any 2FA options to include YUBI key. (I've got one of these too.) I am currently using 2FA via Google authenticator TOTP and it works very well. If you store your "secret key" in a secure place you can not only use your phone but the Google authenticator plugin in your browser. Here are the options and a link to the Account Security Page at RunBox.

Two-Factor Authentication

When Two-Factor Authentication (2FA) is enabled, you will have the following options:

Timed One-Time Passwords (TOTP): To use this option you will need a smartphone and some free software. This option works by giving you a login code which changes over time, in addition to your password.

One-Time Passwords (OTP): When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically can not be used again
.
Trust browser: This allows the server to trust your current web browser so that you don't have to use a 2FA code.

Unlock code: If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.

https://help.runbox.com/account-security/

I think their 2FA implementation is rock solid.

Perhaps they'll add Yubi in the future. In the meantime this sounds good! Thanks!

Doh! Never mind..

means of notifications
 

I wish, if you could use other means of notifications as well to notify the customers. For example: A tweet and/or an email. :eek:

I just sent Runbox a request to test the service. I didn't know, if it has been made available to test. I had good holidays with Runbox after all. Fantastic services when I look onto competitors. :)

Yes, we have some code for it already, but the plan is to launch without it and add it after launch.

Kim

After trialling the new 2FA for a few weeks, and on different browsers, I'm quite pleased with the outcome.

I've set up 2FA (TOTP version). Everything looked fine under the setup process. I generated a code from Google Authenticator and it was accepted. It's active.

But the 2FA never comes up when I logging in with user/pw. Perhaps I've misunderstood something?

Check that you've enabled 2FA - screencap:

https://s30.postimg.org/9z3gy6kxt/Untitled.jpg

Also, if you've logged in with 2FA, and trusted your browser in the Runbox settings, you shouldn't see (unless you delete cookies) the 2FA option at login again.

Aha! The master switch escaped my attention. Thanks! :)