Thread: SMS as 2FA yet?
View Single Post
Old 3 Jan 2017, 10:55 PM   #9
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by edu View Post
Thank you. I thought FM was not supporting time-based one-time passwords anymore, or do you mean about another way to do it, can you tell me more?.
FastMail still supports time-based one-time passwords as part of its new two-factor authentication system, but unlike the old "alternative logins" feature, these don't replace your FastMail password, but rather supplement it (hence the "two-factor" aspect).

The new 2FA system also supports only TOTP now for one-time passwords — either via a TOTP app like Google Authenticator or a Yubikey OTP device; the old static OTP lists that you could print are no more. Alternatively, you can also use the even more secure U2F method, assuming you have a U2F device and are using a browser (Google Chrome) that supports U2F.

To be fair, though, I also sort of lied about SMS not being available — FastMail does provide SMS authentication as a backup situation in the event that you don't have access to your TOTP device or U2F key, but it's clearly intended to be more of a backup/recovery method than a primary authentication method, but technically speaking, it does work in about the same way; I think FastMail just makes it a "backup" method to steer people toward the more effective TOTP/U2F system.

You can get an SMS code when logging in by clicking the Send a code to your backup phone number link at the bottom of the second-factor screen (this of course assumes you've added your phone number in the "Account Recovery" section in your FastMail "Password & Security" preferences.
jhollington is offline   Reply With Quote