EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 15 Jun 2008, 10:09 PM   #1
MagicDavid
Senior Member
 
Join Date: Aug 2005
Location: England, UK
Posts: 164
Cool Alternative Logins - One time passwords have arrived!

Wow! Some great beta features launching at the moment - first LDAP and now one time passwords.

I've just noticed an 'Alternative Logins' link under the 'options' menu on the beta server.

It lets you generate a sheet of one time passwords. I assume this is the first part of Brong's new password security project that I hope might include Open ID and SMS passwords sometime in the future.

Great work guys!

Last edited by MagicDavid : 16 Jun 2008 at 09:56 AM.
MagicDavid is offline   Reply With Quote

Old 15 Jun 2008, 11:44 PM   #2
shljoel
Junior Member
 
Join Date: Jul 2003
Location: Jerusalem
Posts: 24
Lightbulb Otp

The OTP (One Time Password) feature is a really good feature.

Safe-mail.net added the first version of OTP last more than a year and are going to publish the "next generation" soon.
shljoel is offline   Reply With Quote
Old 18 Jun 2008, 07:26 AM   #3
Prognathous
Master of the @
 
Join Date: Aug 2002
Location: Israel
Posts: 1,056
Any idea how to log in using the passwords in the generated list? I don't think the regular login screen accepts one-time passwords.

Prog.
Prognathous is offline   Reply With Quote
Old 18 Jun 2008, 08:14 AM   #4
MagicDavid
Senior Member
 
Join Date: Aug 2005
Location: England, UK
Posts: 164
Try using your normal username and then enter one of the OTPs instead of your usual password. You might need to use www.fastmail.fm/beta
MagicDavid is offline   Reply With Quote
Old 18 Jun 2008, 03:26 PM   #5
Prognathous
Master of the @
 
Join Date: Aug 2002
Location: Israel
Posts: 1,056
Thanks David, it works!

OTP is a major new feature. Fastmail.fm should finish testing, release it soon and then do what they're not used to - advertise it. It's been a while since they last added such a killer feature.

Prog.
Prognathous is offline   Reply With Quote
Old 19 Jun 2008, 05:11 AM   #6
MagicDavid
Senior Member
 
Join Date: Aug 2005
Location: England, UK
Posts: 164
You're absolutely right - I can finally use Internet Cafés without the worry of keyloggers and password sniffers! Hooray!
MagicDavid is offline   Reply With Quote
Old 19 Jun 2008, 08:49 AM   #7
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,226
Quote:
Originally Posted by MagicDavid View Post
You're absolutely right - I can finally use Internet Cafés without the worry of keyloggers and password sniffers! Hooray!
Does an OTP allow full access to the account, or have any features been crippled?

It would be great to see access only to the mailbox, and no access to options, etc. through a otp. To prevent someone from stealing the account - or worse...

Thanks OTP is GREAT!
ChinaLamb is offline   Reply With Quote
Old 19 Jun 2008, 02:55 PM   #8
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,226
A few observations:

I cannot change the main password with an OTP: Excellent
I cannot change the alternate email address with an OTP: Excellent

I can, however:
Redirect all email to another email address with an OTP
Create multiple additional OTP sets with an existing OTP
Redirect or change domain settings wtih an OTP

Nothing that cannot be undone, mind you, but it has the potential to cause a few headdaches.

Looks good so far. Sorry - Looks EXCELLENT so far...

We are seeing a lot of the features implimented that we were requesting.



/CL
ChinaLamb is offline   Reply With Quote
Old 19 Jun 2008, 02:56 PM   #9
robmueller
Intergalactic Postmaster
 
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102

Representative of:
Fastmail.FM
I know Bron wants to add the option for "full access" or "restricted access" when you create the OTPs.

Restricted would probably mean:
1. No deleting emails/files
2. No seeing emails > 1 month old
3. Session expiry always after 2 hours (eg normally a 2 hour session means "2 hours since last access" so moving between pages keeps the session alive. with restricted mode it would be strict 2 hours from login)

Or something along those lines.

Rob
robmueller is offline   Reply With Quote
Old 19 Jun 2008, 04:41 PM   #10
Prognathous
Master of the @
 
Join Date: Aug 2002
Location: Israel
Posts: 1,056
This looks even more promising Rob. If possible, please restrict access to Drafts and Notepad. Some of us keep "sensitive" data in there

Prog.
Prognathous is offline   Reply With Quote
Old 19 Jun 2008, 07:28 PM   #11
hankfoner
Essential Contributor
 
Join Date: Jul 2007
Location: Jerusalem, Israel
Posts: 365
Quote:
Originally Posted by Prognathous View Post
This looks even more promising Rob. If possible, please restrict access to Drafts and Notepad. Some of us keep "sensitive" data in there

Prog.
I am not so sure about that. I keep stuff in Notes that I would really want when away from home, e.g. the family address book which I stupidly forgot to pack on a recent trip to Europe. But perhaps the possibility to access (or not ) Notes etc with OTP's could be built into the Preferences.
Hank
hankfoner is offline   Reply With Quote
Old 20 Jun 2008, 09:37 PM   #12
GeraldR
Essential Contributor
 
Join Date: Apr 2007
Location: Canada
Posts: 225
OTP with DAV

How do I use the one time passwords with DAV to upload to my files?

Last edited by GeraldR : 20 Jun 2008 at 10:36 PM.
GeraldR is offline   Reply With Quote
Old 21 Jun 2008, 01:46 PM   #13
lambretta
Junior Member
 
Join Date: Sep 2005
Location: Perth, Australia
Posts: 12
Is this an implementation of the PPP system written by Steve Gibson and GRC?
lambretta is offline   Reply With Quote
Old 24 Jun 2008, 11:40 AM   #14
robmueller
Intergalactic Postmaster
 
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102

Representative of:
Fastmail.FM
You can't use OTPs with DAV. Unfortunately because of the way DAV works there's no "session", and every single upload is a separate request, and thus would be a separate OTP event.

It's a custom implementation, but I'll read the PPP stuff...

Rob
robmueller is offline   Reply With Quote
Old 24 Jun 2008, 08:04 PM   #15
GeraldR
Essential Contributor
 
Join Date: Apr 2007
Location: Canada
Posts: 225
Quote:
Originally Posted by robmueller View Post
You can't use OTPs with DAV. Unfortunately because of the way DAV works there's no "session", and every single upload is a separate request, and thus would be a separate OTP event.
. . . .
Oh. I'll have to wait for a one-hour password option in alternative logins.
GeraldR is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 10:44 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy