I hope this is voluntary and not mandatory. If mandatory I may have to look for another email provider and what a pain that will be. :confused:
|
My reading of this is that, if you just use a single password for access to your account, the only change you will see if that the URL of the login screen changes.
For people who only use email for casual correspondence, these changes are not especially important. However, where email contains potentially confidential communications, it becomes important to keep accounts secure. 2FA, and especially U2F, are useful tools in assisting to ensure this, as are app/device specific passwords. |
Quote:
|
I'm currently only seeing the old "Alternative Logins" when will the Two-Factor options be available?
|
You could go to the link in post #1 and read it.
|
Quote:
Read it before, missed that detail. /cl |
Quote:
Launching next Monday July 25. Current alternate logins terminate August 31. If you're currently using our "alternate logins" system, you will need to migrate to the new system sometime in the next month. We will be removing all old-style "alternate logins" on 31st August. Also, please note that if your alternate login has a second factor, you will now be asked for this after submitting your username and password, rather than entering it on the initial login page.https://blog.fastmail.com/2016/07/18...en-more-secure -- There'll be blog posts each day this week explaining the new login security features in detail. |
Quote:
Quote:
There is an extension for Mozilla, but no native support yet. I'm told that there are Mozilla engineers interested in it, but its currently quite difficult to do securely in Mozilla due to the lack of sandboxing. I'm sure they'll get there in time. Quote:
Of course we'll continue supporting TOTP and other methods for the forseeable future. |
Quote:
|
Quote:
|
Quote:
https://addons.mozilla.org/en-US/fir...support-add-on -- You can test a U2F key here: https://demo.yubico.com/u2f |
Quote:
This is easier for Chrome to protect against because it already has its sandboxing model where as a last line of defence, Javascript can't do anything outside of its running context (usually the current tab). Mozilla doesn't have this sandboxing model, mostly for legacy reasons, so the USB supports needs to be implemented very carefully. It can't afford to be wrong as there isn't that last line of defence. The (long) dev discussion is here: https://bugzilla.mozilla.org/show_bug.cgi?id=1065729. Back to your original question about the extension. I don't know anything about it really, and I'm not a Mozilla user, so I can't really say anything about its security characteristics. If its implemented the way that seems obvuous to me (a secondary task using libu2f-host to communicate with the U2F device) then it's probably not too bad and I would probably use it. Ultimately though you don't really have much guarantee about anything unless you're willing to go to a lot of effort. Chrome could be broken for all I know. I trust my browser because the alternative is more effort than its worth. You know your own security needs, so you'll need to make the best choice for yourself. |
Quote:
|
2FA via SMS to Two different cell phones
Quote:
|
Has anyone had notification from Fastmail of the new features in their Fastmail inbox?
I've had nothing yet. |
All times are GMT +9. The time now is 08:19 PM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy