EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 25 Jul 2016, 08:29 PM   #136
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,173
I cannot log into my account today. I have my android phone and fast mail app, and it rejects my password. What do I do!?!?
ChinaLamb is offline   Reply With Quote
Old 25 Jul 2016, 08:32 PM   #137
CyberDyne
Master of the @
 
Join Date: Sep 2004
Posts: 1,550
Quote:
Originally Posted by ChinaLamb View Post
I cannot log into my account today. I have my android phone and fast mail app, and it rejects my password. What do I do!?!?
Use your master password and if you have 2FA / 2SV enabled it will then ask for a code from your chosen authenticator.

I would personally log in via the web first to check all your password settings though.

You may want to restart the app too. I use the Apple app and had to switch from Beta to Production to flush cached settings.
CyberDyne is offline   Reply With Quote
Old 25 Jul 2016, 08:35 PM   #138
JamesHenderson
Essential Contributor
 
Join Date: Jan 2003
Location: Oxford, England
Posts: 411
Quote:
Originally Posted by ChinaLamb View Post
I cannot log into my account today. I have my android phone and fast mail app, and it rejects my password. What do I do!?!?
Do you normally login with your master password or an alternative password? Some of the alternative login types got stopped today.

J.
JamesHenderson is offline   Reply With Quote
Old 25 Jul 2016, 08:42 PM   #139
glass
Member
 
Join Date: Dec 2013
Posts: 54
If you don't want to skip two-step verification on a particular device, have fun unticking the checkbox every single time you login for the rest of your life. And don't forget to do it, because you only have to forget once and you'll never be prompted again.

It's such a ridiculous anti-pattern to require people who don't want something to have to opt-out constantly, instead of having people who do want it to opt-in just once.
glass is offline   Reply With Quote
Old 25 Jul 2016, 08:48 PM   #140
odedp
Master of the @
 
Join Date: Mar 2000
Location: Tel-Aviv, ISRAEL
Posts: 1,562
Quote:
Originally Posted by JamesHenderson View Post
1. Go to:Settings / Passwords and security
2. Type in your master password at the top (to give you access)
3. Add an account recovery phone number
4. Switch 2FA on
5. Add a verification device (you get a choice of app / U2F key / "old" yubikey"
6. Make a note of your recovery key (keep it safe and secure)

7. Then you can add device specific passwords (e.g.: for your phone etc)
J.
Thanks for your help.
Much appreciated
odedp is offline   Reply With Quote
Old 25 Jul 2016, 08:56 PM   #141
JamesHenderson
Essential Contributor
 
Join Date: Jan 2003
Location: Oxford, England
Posts: 411
Quote:
Originally Posted by glass View Post
If you don't want to skip two-step verification on a particular device, have fun unticking the checkbox every single time you login for the rest of your life. And don't forget to do it, because you only have to forget once and you'll never be prompted again.

It's such a ridiculous anti-pattern to require people who don't want something to have to opt-out constantly, instead of having people who do want it to opt-in just once.
yes, swapping that around makes a lot more sense (and secure).
JamesHenderson is offline   Reply With Quote
Old 25 Jul 2016, 09:02 PM   #142
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,879
Quote:
Originally Posted by JamesHenderson View Post
yes, swapping that around makes a lot more sense (and secure).
I'm guessing that most of us use our own computers to access email 98% of the time. In the off-nominal case where you don't, painlessly uncheck the box...
sflorack is offline   Reply With Quote
Old 25 Jul 2016, 09:04 PM   #143
jaybea28309
Junior Member
 
Join Date: Jul 2009
Posts: 14
Quote:
Originally Posted by glass View Post
If you don't want to skip two-step verification on a particular device, have fun unticking the checkbox every single time you login for the rest of your life. And don't forget to do it, because you only have to forget once and you'll never be prompted again.
Thanks for the warning on that one! I agree that the default should be unchecked. I will raise a ticket, and if others do to, hopefully it will be changed.

Overall, I think that the changes are good, and seem to balance security and access fairly well. I would prefer to be able to set custom App-specific passwords, as I generally use 30 mixed and special characters. Generated App-specific passwords are 16 character case-insensitive alpha-numeric.

J
jaybea28309 is offline   Reply With Quote
Old 25 Jul 2016, 09:04 PM   #144
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,879
Quote:
Originally Posted by glass View Post
If you don't want to skip two-step verification on a particular device, have fun unticking the checkbox every single time you login for the rest of your life. And don't forget to do it, because you only have to forget once and you'll never be prompted again.
You can click the Reset button under the Trusted Computers in the Password & Security settings.
sflorack is offline   Reply With Quote
Old 25 Jul 2016, 09:07 PM   #145
JamesHenderson
Essential Contributor
 
Join Date: Jan 2003
Location: Oxford, England
Posts: 411
Quote:
Originally Posted by sflorack View Post
I'm guessing that most of us use our own computers to access email 98% of the time. In the off-nominal case where you don't, painlessly uncheck the box...
Maybe, but security only has to be broken once to be broken completely; this is a simple step that can improve both security and the user's experience. It's simply more elegant and a great suggestion.
JamesHenderson is offline   Reply With Quote
Old 25 Jul 2016, 09:10 PM   #146
ewal
Master of the @
 
Join Date: Apr 2002
Location: London, UK
Posts: 1,314
Anyone understand why the Fastmail Android app now rejects a correct username and password whilst all other routes (firefox, IOS etc) to Fastmail works ok?

I get that it is likely due to the new 2FA process but I had understood things would work ok until such time as I changed to 2FA. I'm using ver. 1.06.09 of the Android app.

I sent a support ticket to Fastmail and wait for their response.

cheers
Edward
ewal is offline   Reply With Quote
Old 25 Jul 2016, 09:12 PM   #147
JamesHenderson
Essential Contributor
 
Join Date: Jan 2003
Location: Oxford, England
Posts: 411
Quote:
Originally Posted by ewal View Post
Anyone understand why the Fastmail Android app now rejects a correct username and password whilst all other routes (firefox, IOS etc) to Fastmail works ok?

I get that it is likely due to the new 2FA process but I had understood things would work ok until such time as I changed to 2FA. I'm using ver. 1.06.09 of the Android app.

I sent a support ticket to Fastmail and wait for their response.

cheers
Edward
Hi - is the password for your Android the same as you are using for the (still working) Firefox/iOS etc? if not, perhaps it is one of the alternative login types that got stopped today?

[Edit:] just realised that you have kicked-off 2FA so all the old alternative passwords should have been voided as a result.

Last edited by JamesHenderson : 25 Jul 2016 at 09:20 PM.
JamesHenderson is offline   Reply With Quote
Old 25 Jul 2016, 09:13 PM   #148
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,879
I just added a few of the new security features to my account and it went really well. I had anticipated being able to use my mobile phone as part of the two-step verification, but apparently that's only for account recovery.

To me, this seems a little back words. When I need to perform an account recovery, I receive an SMS with a code across my phone. (I admit to having texts appear over the lock screen, making this less secure.) However, to perform a simple logon using 2FA, I have to unlock the phone (fingerprint) and enter a code. While everyones situation is likely different, in my case, the logon 2FA is more secure than account recovery.

Anyways, I also established an app password. Again, everything went very well, but I had anticipated being able to create my own password. Not a huge deal, but now I have to write down the generated one and store it somewhere, as opposed to remembering it.

Overall, nice implementation!
sflorack is offline   Reply With Quote
Old 25 Jul 2016, 09:15 PM   #149
sflorack
The "e" in e-mail
 
Join Date: Feb 2002
Posts: 2,879
Quote:
Originally Posted by ewal View Post
Anyone understand why the Fastmail Android app now rejects a correct username and password whilst all other routes (firefox, IOS etc) to Fastmail works ok?
I didn't use the old alternative logons, but if you created an App Password under the new system, you'll need to enter that in.
sflorack is offline   Reply With Quote
Old 25 Jul 2016, 09:18 PM   #150
JamesHenderson
Essential Contributor
 
Join Date: Jan 2003
Location: Oxford, England
Posts: 411
Quote:
Originally Posted by sflorack View Post
I just added a few of the new security features to my account and it went really well. I had anticipated being able to use my mobile phone as part of the two-step verification, but apparently that's only for account recovery.

To me, this seems a little back words. When I need to perform an account recovery, I receive an SMS with a code across my phone. (I admit to having texts appear over the lock screen, making this less secure.) However, to perform a simple logon using 2FA, I have to unlock the phone (fingerprint) and enter a code. While everyones situation is likely different, in my case, the logon 2FA is more secure than account recovery.

Anyways, I also established an app password. Again, everything went very well, but I had anticipated being able to create my own password. Not a huge deal, but now I have to write down the generated one and store it somewhere, as opposed to remembering it.

Overall, nice implementation!
I can recommend 1Password as a great app that syncs passwords across devices if you need to store them. I believe LastPass is also good (haven't used them in ages though).
JamesHenderson is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 12:19 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy