|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
12 Jan 2017, 04:26 PM | #91 |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
|
13 Jan 2017, 09:26 AM | #92 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
|
13 Jan 2017, 12:59 PM | #93 |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
|
17 Jan 2017, 08:19 AM | #94 |
Junior Member
Join Date: Oct 2015
Location: Vancouver Island, Canada
Posts: 19
|
I've been beta-testing the 2FA system for a couple of weeks now.
While still fairly clunky, it's obvious that it's been designed with care and attention to ensure there are no ways to bypass it. One goal they had is to enable this extra layer of security even for those without a mobile device. I'm sure that was a hefty challenge to cross. I use three separate 2FA apps on my mobile device (Google Authenticator, Authy, and Duo Mobile). I've been phasing out Google Authenticator, despite them being the developer of the 2FA protocol, simply because my trust in the company (Google) is lacking, and Duo Mobile is my latest adoption. However, I had trouble with this app allowing the displayed code to log me into Runbox. I'm sure it was a timing issue somewhere. I ended up switching Runbox back to Google Authenticator and all was happy again, so not sure where the fault was. One thing that Runbox really needs to do is to cater better to pure-keyboard junkies, such as myself. I don't want to take my fingers off the keyboard in order to click an icon just to log in. And when I click that icon, I don't want to have to click or press Tab in order to put focus into the 2FA code field. These are design decisions that should be addressed so logging in is swift and convenient, not a hassle. It's a good start and great to finally see it out the door. Did it take too long to get this point? That's purely objective based on the vantage point. I'm confident that from Runbox's perspective, they put service reliability ahead of introducing new features, and I support them on that entirely. But 2FA isn't just a "nice to have", it's essential for many of us to secure our infrastructure. I look forward to the feature and interface being refined over the coming months. Runbox, I hope this experience has also helped you refine your development workflow. Using version-control and sandboxed environments helps to speed up development, while giving you peace-of-mind that changes can be rolled back should disaster strike. I honestly hope that these are parts of your tool chest. And once this feature has reached maturity, let's see those new mobile and webmail apps! |
18 Jan 2017, 12:21 AM | #95 | |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
Quote:
|
|
19 Jan 2017, 04:17 AM | #96 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
Yes, we have been there for a while. We use Git and we have a full replica of our production system for development with separation of all services and most developers get their own servers.
|
20 Jan 2017, 07:33 AM | #97 | |
Junior Member
Join Date: Oct 2015
Location: Vancouver Island, Canada
Posts: 19
|
Quote:
I think having the full system on runbox.com (at /mail) over-complicates matters. It may have been a good time to separate into separate components that work together. At least this is how I approach my infrastructure - clean separation between components so it's not just one giant cluster that's difficult to upgrade and manage. It would be my assumption that this is why it's been such a long and drawn-out project — just too much built into one mammoth, monolithic system. Imagine: - www.runbox.com — the main website - webmail.runbox.com — for checking webmail, that's it! - manage.runbox.com — for managing an account, sub-accounts, etc. Separate systems that work together. But I'm sure it's far too late to offer this suggestion. You already do this for `support`, `status`, etc. so I know you're not deaf to this idea. Looking forward to seeing some improvements, and final deployment so I'm not having to dance between two different browsers to log into my various accounts. Keep up the great work! |
|
26 Jan 2017, 05:24 PM | #98 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
The web app runs at /mail for historical reasons, but everything is modularized in the backend and we are very conscious of structuring services and code in a way that simplifies maintenance and expansion.
The reason the 2FA project took a long time was mainly that we needed to modify each standalone service (2 IMAP services, 2 POP services, SMTP, FTP, etc) to authenticate via one central authentication system. Now that this is done we are finally free to do all kinds of exciting things such as 2FA. We are continuing to focus on security improvements, but we are also building a next generation webmail behind the scenes. This won't stop us from making incremental improvements to the current web interface, though. Stay tuned. - Geir |
27 Jan 2017, 05:19 AM | #99 |
Senior Member
Join Date: Dec 2014
Location: Central City
Posts: 162
|
Geir,
Love and hardwork will make Runbox a masterpiece. Runbox won't run into darkness, neither of its users in 172 countries. It is the best service for many of us here. Cheers! However, I have few questions and considered to start a new thread. Here it is, http://www.emaildiscussions.com/show...420#post599420 Regards, Mek |
3 Feb 2017, 11:00 AM | #100 |
Junior Member
Join Date: Oct 2015
Location: Vancouver Island, Canada
Posts: 19
|
2FA is now officially in place, for anyone viewing this discussion thread.
|