EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 22 Jul 2016, 10:09 AM   #61
neilj
Cornerstone of the Community
 
Join Date: Apr 2004
Location: Melbourne
Posts: 971

Representative of:
Fastmail.fm
Printed OTP, 1hr passwords and Yubikey without a base password (1-factor Yubikey) will no longer work from Monday. You will need to use your master password if you currently use one of these types of alternate login. The few users with these types should have been emailed; apologies, I will follow up ASAP to find out what's happened to that.

All other types of alternate login (regular password, two-factor Yubikey, two-factor SMS, two-factor TOTP) will continue to work until the 31 August.

Neil.
neilj is offline   Reply With Quote
Old 22 Jul 2016, 10:10 AM   #62
DumbGuy
Senior Member
 
Join Date: Oct 2008
Posts: 157
Quote:
Originally Posted by gardenweed View Post
Yeah that's why I asked the question. I don't understand clearly what these posts mean to me.

The printed OTP that I use, I understand are timed. I think maybe 1 or 2 hour sessions.
So are these actually the TOTP's being referred to and will remain?
If not, what are the existing TOTP's being referred to?
There are several login methods that are timed, not just the paper tokens one.

TOTP, if I understand correctly, refers to the Google Authenticator method (and similar apps) that's been mentioned.

I think the paper sheet method that you use (and I used to use) is one of the methods being removed with the new security scheme.

But maybe I'm wrong on that. If so, I can print out a new sheet once we're on the new login system. Or I may bail, as I rarely used it.
DumbGuy is offline   Reply With Quote
Old 22 Jul 2016, 10:43 AM   #63
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 470
Quote:
Originally Posted by neilj View Post
Printed OTP, 1hr passwords and Yubikey without a base password (1-factor Yubikey) will no longer work from Monday. You will need to use your master password if you currently use one of these types of alternate login. The few users with these types should have been emailed; apologies, I will follow up ASAP to find out what's happened to that.

All other types of alternate login (regular password, two-factor Yubikey, two-factor SMS, two-factor TOTP) will continue to work until the 31 August.

Neil.
Jeeez Neil..
How about just a simple declaration of what is going and what will be in its place.
- without having to read through the blogs trying to find those needles in the haystack.
Basic MOC stuff:
  1. Today you have features ABC
  2. We are changing these things DEF
  3. And you will be left with the set of features XYZ

PS - I've not received any email about my printed OTP's being dropped.
Which is one of the reasons I was confused about this. It's Friday, and come Monday they won't work, yet the said email has not arrived.
gardenweed is offline   Reply With Quote
Old 22 Jul 2016, 11:07 AM   #64
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,519
Quote:
Originally Posted by gardenweed View Post

PS - I've not received any email about my printed OTP's being dropped.
Which is one of the reasons I was confused about this. It's Friday, and come Monday they won't work, yet the said email has not arrived.
Also what about the customers who don't visit the forum ?
Terry is offline   Reply With Quote
Old 22 Jul 2016, 03:45 PM   #65
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,927
Quote:
Originally Posted by Terry View Post
Also what about the customers who don't visit the forum ?
As robn has stated previously, this forum is not an official Fastmail channel for communicating with their customers.

It seems they prefer to communicate via Twitter, although saying that, their posts about the new change are consisting of just links to their blog.

So I think a lot of people may miss this completely.

More information about the new change posted in the Fastmail Blog:

https://blog.fastmail.com/2016/07/22...tor-apps-work/
FredOnline is offline   Reply With Quote
Old 22 Jul 2016, 04:22 PM   #66
glass
Member
 
Join Date: Dec 2013
Posts: 54
Quote:
Originally Posted by FredOnline View Post
As robn has stated previously, this forum is not an official Fastmail channel for communicating with their customers.
Until 15 minutes ago this forum was the only place to find out that OTP is going to stop working in 3 days. So it's either check this forum or get a nasty surprise on Monday when you can't login because you didn't see the notification email that came through at 6:05 pm on Friday night.
glass is offline   Reply With Quote
Old 22 Jul 2016, 04:31 PM   #67
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,519
That was my point, so why not an email with all the links so that EVERYONE will know what's going on.

Long term less support tickets..

Last edited by Terry : 22 Jul 2016 at 05:07 PM.
Terry is offline   Reply With Quote
Old 22 Jul 2016, 05:07 PM   #68
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,927
I've just, within the past few minutes, received e-mails from Fastmail about the new changes into my Fastmail inboxes.
FredOnline is offline   Reply With Quote
Old 22 Jul 2016, 05:08 PM   #69
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 470
Quote:
Originally Posted by neilj View Post
......

All other types of alternate login (regular password, two-factor Yubikey, two-factor SMS, two-factor TOTP) will continue to work until the 31 August.

Neil.
And the recently received email says
Quote:
"After 31st August, these alternative logins will also stop working."
So what happens after 31-Aug?
What login methods will remain?
gardenweed is offline   Reply With Quote
Old 22 Jul 2016, 05:17 PM   #70
edu
Member
 
Join Date: Jun 2016
Posts: 98
And I still don't know if FM Classic and FM Mobile website (m.fastmail.com) will continue or not.
Some important websites like hushmail and many others are still offering a mobile website even working with 2FA (example: m.hush.com), I hope FM will do it too...
edu is offline   Reply With Quote
Old 22 Jul 2016, 06:18 PM   #71
tobiasdr
Member
 
Join Date: Sep 2011
Posts: 43
Uh, wait? Am I getting this right? FM is removing the only really secure 2F login option (otp list+password) that doesn't require any complex, special or hard-to-setup technical equipment?

If that's the case then it's truly a setback and I'm disappointed. Will probably end up just logging in with my master password instead on computers that seem "reasonably secure", but we all know that one's impossible to judge.
tobiasdr is offline   Reply With Quote
Old 22 Jul 2016, 06:35 PM   #72
nudge
Junior Member
 
Join Date: Jul 2016
Posts: 23
Another bites the...

I'm another one who is unhappy with these changes (amongst other gripes).

I opened a fastmail support ticket earlier this week about Carddav problems with shared address books and mentioned my concerns about the pending changes to Alternative logins at the same time. My impression is that without doing this I wouldn't have been given details about the pending changes. Not that they explained much, just enough to know they're going to break our workflow. I now see that Fastmail don't give a damn about their users needs, that they take away functionality that folks rely on without good reason and without properly explaining what's going on. The fact that I'm going to be spending my holidays dealing with the mess this creates is unfortunate and very annoying.

I feel very let down by fastmail and their development team.

That said I've always found their support team to be good (once you get past the first line).
nudge is offline   Reply With Quote
Old 22 Jul 2016, 08:13 PM   #73
Bamb0
Master of the @
 
Join Date: Feb 2005
Location: USA
Posts: 1,282
Welcome to emaildiscussions
Bamb0 is offline   Reply With Quote
Old 23 Jul 2016, 09:54 AM   #74
jamus
Junior Member
 
Join Date: Oct 2008
Posts: 4
Full Access

Are we still going to be able to login to our accounts without having full access?
jamus is offline   Reply With Quote
Old 24 Jul 2016, 12:39 AM   #75
amoebob
Junior Member
 
Join Date: Aug 2012
Posts: 5
Unhappy Decreased security for web users?

I have a strong master password that I only type into a trusted computer. From less trusted computers, I login to the website using an alternative password with second-factor that provides only limited account access.

After August, how do I login from untrusted computers without having to type my master password and without full access? The blog mentions alternative passwords for apps and protocols but not how I can obtain limited user access to the web interface.

Isn't this sounding less secure for web users?
amoebob is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 05:48 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy