EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   FastMail Forum (http://www.emaildiscussions.com/forumdisplay.php?f=27)
-   -   New features to keep your FastMail account even more secure (http://www.emaildiscussions.com/showthread.php?t=71922)

FredOnline 18 Jul 2016 03:41 PM

New features to keep your FastMail account even more secure
 
https://blog.fastmail.com/2016/07/18...n-more-secure/

janusz 18 Jul 2016 06:55 PM

From the blog:
Quote:

When you set up third party apps to access your FastMail account (such as Outlook or Mail.app on your phone or desktop), in the future you will need to log in to the web first and get a special app password.
I strongly suspect that, when this is implemented, something nasty is going to hit the fan.... :rolleyes:

edu 18 Jul 2016 07:32 PM

I hope I will be able to use FreeOTP app with it...

GeraldR 18 Jul 2016 08:42 PM

2FA via SMS to Two different cell phones
 
Consider someone who is frequently in two countries with a cell phone number for each one (because roaming charges are too high). How do they use 2FA with SMS under the new system?

janusz 18 Jul 2016 08:48 PM

In all cases I know of (not that many, actually), receiving SMS messages is free while roaming.

DumbGuy 18 Jul 2016 09:12 PM

While I'm quite happy with the current Alternative Logins structure, I'm also looking forward to this new password system revamp. I know the FM folks have been planning and developing this new system for a while now, so great to see it's ready for launch.

@GeraldR: Maybe get a free Google Voice phone#. Incoming SMSs there you can set to forward to various destinations simultaneously.

janusz 18 Jul 2016 09:24 PM

Google Voice can be forwarded to US numbers only

DumbGuy 18 Jul 2016 09:36 PM

Quote:

Originally Posted by janusz (Post 595042)
Google Voice can be forwarded to US numbers only

Ok, but they also forward to email addresses. Maybe use a 2nd/free email account just to receive those SMSs from Google Voice? Or, maybe somewhere out there is a email-to-SMS gateway service for the relevant country mobile# being used.

robn 18 Jul 2016 09:55 PM

Quote:

Originally Posted by GeraldR (Post 595038)
Consider someone who is frequently in two countries with a cell phone number for each one (because roaming charges are too high). How do they use 2FA with SMS under the new system?

You can add both numbers. You'll then be offered a choice of number to send to during login.

fmail_fan 18 Jul 2016 10:14 PM

Additional security isn't really a requirement for me. I'm perfectly happy with the current authentication process so I'm hoping that this 2FA change is optional. That's not clear to me based on what I've read so far unless I've missed it.

FredOnline 18 Jul 2016 10:16 PM

Quote:

Originally Posted by robn (Post 595044)
You can add both numbers. You'll then be offered a choice of number to send to during login.

Presumably Fastmail will charge for SENDING the SMS Text?

robn 18 Jul 2016 10:35 PM

Quote:

Originally Posted by FredOnline (Post 595046)
Presumably Fastmail will charge for SENDING the SMS Text?

No. We're wearing the cost on this one. Being locked out of your account because you didn't have any SMS credit would not be cool.

BritTim 18 Jul 2016 10:40 PM

Change is not always good but, on first reading, these seem like well thought out and excellent enhancements.

Will we able to use U2F to secure access to file storage?

robn 18 Jul 2016 10:49 PM

Quote:

Originally Posted by BritTim (Post 595049)
Will we able to use U2F to secure access to file storage?

U2F can be used to secure access to the web interface as a whole, including the files app. It can't be used for WebDAV or FTP because those protocols do not have support for it.

pjwalsh 18 Jul 2016 11:14 PM

U2F and app-specific passwords are great advances in FM login security.

A post comparing U2F with the standard Yubikey OTP:
http://www.emaildiscussions.com/show...7&postcount=24

Chrome supports U2F, Firefox does not.
Sadly, Mozilla has yet to implement U2F support.
Others might list other browsers that support U2F.

Amazon links for U2F capable keys:
Yubikey U2F only 18 USD
Yubikey 4 40 USD
Yubikey NEO 50 USD


All times are GMT +9. The time now is 03:55 AM.


Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy