EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > Runbox Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc.

Reply
 
Thread Tools
Old 4 Aug 2016, 09:18 PM   #46
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,851
Quote:
Originally Posted by jl66 View Post
Not if you disable imap and pop access to those choosing 2FA only by web. That's how other email companies (Posteo for example) are doing it: an option to disable completely imap and pop.
Precisely.

Posteo - who have only been in business for a short time compared to Runbox - have done this and it just works.
FredOnline is offline   Reply With Quote
Old 4 Aug 2016, 09:57 PM   #47
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,851
Quote:
Originally Posted by bipbop View Post
Actually three months since they announced they had started their "sysadmin and test phase". As far as I can see, nobody on these forums has been asked to be testers. That isn't a good sign.
This is interesting to note.

I had previously asked Runbox if people from this forum would be invited to test 2FA, and the answer was yes.

Possibly they are testing this with forum members, but you would expect some feedback here.

Not promising.
FredOnline is offline   Reply With Quote
Old 4 Aug 2016, 10:16 PM   #48
Geir
The "e" in e-mail
 
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,910

Representative of:
Runbox.com
Quote:
Originally Posted by jl66 View Post
Not if you disable imap and pop access to those choosing 2FA only by web. That's how other email companies (Posteo for example) are doing it: an option to disable completely imap and pop.
And that's one of the features we have been developing as part of the 2FA project, of which a new authentication service is a central component.

As mentioned previously, what we've called 2FA includes functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords.

- Geir
Geir is offline   Reply With Quote
Old 5 Aug 2016, 01:13 AM   #49
Jason4
Junior Member
 
Join Date: Jul 2014
Posts: 5
Quote:
Originally Posted by Geir View Post
Other projects running in parallel such as calendaring (CalDAV) have not delayed 2FA because they're being worked on by different people (in this specific case, by the people behind sabre/dav).
Many companies attempt excuses along these lines... If, for example CalDAV, and 2FA are worked on by different people then you need to realign your workforce with what is important. Fire some CAlDAV people and hire some more 2FA people.
Jason4 is offline   Reply With Quote
Old 5 Aug 2016, 05:29 AM   #50
Geir
The "e" in e-mail
 
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,910

Representative of:
Runbox.com
Quote:
Originally Posted by Jason4 View Post
Many companies attempt excuses along these lines... If, for example CalDAV, and 2FA are worked on by different people then you need to realign your workforce with what is important. Fire some CAlDAV people and hire some more 2FA people.
What you are suggesting could easily have delayed both projects even further (Brooks' law).

CalDAV was a much smaller project involving an external team, and canceling that project would not have helped the 2FA project along at all while also making everyone who was waiting for calendaring wait even longer.

As simple as 2FA may seem on the surface, Runbox consists of a number of integrated (and due to Runbox' long history, a few legacy) services that first needed to be modified to authenticate through a central authentication service that we built from scratch.

It's been our most ambitious development project yet, involving 4-5 experienced programmers and sysadmins who together have built a system that is secure, robust, and scalable and that we're quite proud of.

It's been a significant investment for Runbox and we are eager to show it to everyone.

- Geir
Geir is offline   Reply With Quote
Old 5 Aug 2016, 09:02 AM   #51
kservik
Cornerstone of the Community
 
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 545

Representative of:
Runbox.com
Quote:
Originally Posted by bipbop View Post
Actually three months since they announced they had started their "sysadmin and test phase". As far as I can see, nobody on these forums has been asked to be testers. That isn't a good sign.
Well, it is not really a sign of anything bad.

The good news is that we have added more and more programmers over the last 6 months and they have been working on a lot of different projects.

Around April/May we decided to deploy on Ubuntu 16.04, so we needed to change some of our other code to make that possible.

Right now we have finished what we needed to do and are getting ready for a beta.

The previous testing was all internal. With so many changes at once, that was needed.

Kim
kservik is offline   Reply With Quote
Old 22 Aug 2016, 07:55 PM   #52
mekitron
Senior Member
 
Join Date: Dec 2014
Location: Central City
Posts: 157
I think, work is still in progress.
mekitron is offline   Reply With Quote
Old 1 Sep 2016, 04:19 PM   #53
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
Well...
+5 months now
jl66 is offline   Reply With Quote
Old 16 Sep 2016, 04:14 PM   #54
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
I renewed in October 2015 thinking 2FA was very close to finish, or so I was told... Well, Runbox will be very happy to see me finishing the service with them and so my last post in the beginning of October posting + 6 months. I hope 2FA will be ready to use soon for many other people but I will not be there anymore.
jl66 is offline   Reply With Quote
Old 16 Sep 2016, 04:21 PM   #55
kaisersoze
Junior Member
 
Join Date: Mar 2015
Posts: 11
Quote:
Originally Posted by jl66 View Post
I renewed in October 2015 thinking 2FA was very close to finish, or so I was told... Well, Runbox will be very happy to see me finishing the service with them and so my last post in the beginning of October posting + 6 months. I hope 2FA will be ready to use soon for many other people but I will not be there anymore.
I bailed out a long time ago. This company has lost all its credibility to me. I just check this thread to have a laugh from time to time.

Why would I continue to trust and pay for an email service to a company unable to implement a basic security feature? Their homepage display a SAFE and they sell you the service by appearing they tick all the security checkboxes?

What a joke! Zero Credibility.
kaisersoze is offline   Reply With Quote
Old 16 Sep 2016, 05:23 PM   #56
Geir
The "e" in e-mail
 
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,910

Representative of:
Runbox.com
Update

We have now completed the deployment of the new authentication service cluster, which comprises 3 servers with automatic failover. This was necessary to ensure a reliable and stable authentication regime and prevent it from becoming a single point of failure.

We have also revised the new Account Security web interface to ensure it's intuitive and user-friendly enough for everyone.

We're now proceeding with deployment of the various services that will be connecting to the authentication service, and will keep you updated on our progress.

- Geir
Geir is offline   Reply With Quote
Old 19 Sep 2016, 04:03 AM   #57
mekitron
Senior Member
 
Join Date: Dec 2014
Location: Central City
Posts: 157
Smile

Quote:
Originally Posted by kaisersoze View Post
This company has lost all its credibility to me. I just check this thread to have a laugh from time to time.
No, I don't laugh. Why should I? How many email users seriously take 2FA? I roam around the world and I have no money to pay international roaming on my phone for a sms just verifying that I am logging into my email.

When did Fastmail implemented a competitive 2FA? And then, what were the results... huge (useless) storages with 100% price increases; kicking out all users from developing economies. They, themselves are from a developing economy, though.

Runbox has suffered huge losses in previous years but now they are really working around, and it is credible.

Anyway, there is no reason to leave but wait patiently. A good passphrase can save anyone's head on any server.

Quote:
Originally Posted by Geir
We have also revised the new Account Security web interface to ensure it's intuitive and user-friendly enough for everyone.
I expect a full revision of webmail interface; say it RMM 7.0. But never promise any thing, you know what happens when you promise. It's better to have a roadmap online.
mekitron is offline   Reply With Quote
Old 19 Sep 2016, 10:25 PM   #58
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
mekitron: I see you have different expectations with emails, but not all the people are like you. Today, if you want a relative security you need 2FA, and you don't need SMS with 2FA, it can be even with smartphone apps (and more secure) and many other combinations, so if some email company are saying a lot about security (even in the website) and after more than 1 year there is nothing, then I think we have the right to complain, or not?. And YES, we have waited patiently, even I renewed because 2FA was very close as a feature (1 year has passed), then they told us that it was almost finished and 5 months have passed... I loved Runbox, but not anymore, I have lost my faith and my patience and I payed for nothing: only to forward all my emails to another email company with 2FA (well, at least the aliases were great). If you love Runbox then that's great, it's your choice and I understand that you or others are looking for different features than me or others.
jl66 is offline   Reply With Quote
Old 20 Sep 2016, 01:38 AM   #59
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
Quote:
Originally Posted by jl66 View Post
mekitron: I see you have different expectations with emails, but not all the people are like you. Today, if you want a relative security you need 2FA, and you don't need SMS with 2FA, it can be even with smartphone apps (and more secure) and many other combinations, so if some email company are saying a lot about security (even in the website) and after more than 1 year there is nothing, then I think we have the right to complain, or not?.
I would agree that you have the right to complain jl66: OTOH, when travelling, oft times I have been waiting for a text message, when using an older smart phone that will not work with the latest App's. In these kinds of situations you are often using a newly activated local SIM card, 2FA (via text message) is mandatory, your plane is on the runway; your text message (to activate your phone and your email account, both) never arrive - such are the joys of budget travel

2FA (as a security tool) is not the only form of security I will add.
David is offline   Reply With Quote
Old 20 Sep 2016, 01:47 AM   #60
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
Well David, I normally use an opensource app as 2FA: freeotp (from RedHat). I use it in my smartphone and in my tablet, so if I lose one device I can add another device in the app (or a new one) from the other. I don't need internet to use it. And if something terrible happens (if I lose both devices) there are other ways to recover my account.
jl66 is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 08:54 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy