|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
27 Nov 2018, 05:01 AM | #1 |
Essential Contributor
Join Date: May 2018
Posts: 474
|
Login Log shows attempted access
I was looking at my Logon Log and saw that on Wed 21 between 7AM and 2:30PM there were 97 failed IMAP login attempts from IPs that were from all over the world, all single attempts. I created a FM ticket asking them if this kind of probing is a common experience with FM user accounts. Their response was "yes".
For added safety I've since changed my account password, app password, and recovery code. But I was wondering what the opinions of anyone here are on this? Have you also seen this kind of behavior with FM? |
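The pattern in the post above (many failed logins against one account, each source address used only once) slips past a per-IP failure threshold but stands out when failures are counted per account across distinct addresses. The sketch below is an added example, not part of the original thread and not FastMail's code; the event layout, account names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed events: (time, account, source IP, success). Not real data."""
    start = datetime(2018, 11, 21, 7, 0)
    events = []
    # 97 failed logins for one account, one per address, spread over ~7.5 hours
    for i in range(97):
        events.append((start + timedelta(seconds=280 * i), "alice@example.com",
                       f"203.0.113.{i + 1}", False))
    # A misconfigured mail client: 8 failures from a single address in 8 minutes
    for i in range(8):
        events.append((start + timedelta(minutes=i), "bob@example.com",
                       "192.0.2.10", False))
    # The account owner's own successful logins
    for h in (8, 12):
        events.append((start.replace(hour=h), "alice@example.com", "192.0.2.55", True))
    return events

def noisy_ips(events, max_failures=5):
    """Per-address threshold: IPs with more than max_failures failed logins."""
    counts = defaultdict(int)
    for _, _, ip, ok in events:
        if not ok:
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n > max_failures}

def distributed_guessing(events, window=timedelta(hours=8), min_ips=20):
    """Per-account check: accounts whose failures inside any sliding window
    come from at least min_ips distinct addresses. Returns {account: peak count}."""
    failures = defaultdict(list)
    for ts, account, ip, ok in events:
        if not ok:
            failures[account].append((ts, ip))
    flagged = {}
    for account, rows in failures.items():
        rows.sort()
        left = 0
        for right in range(len(rows)):
            while rows[right][0] - rows[left][0] > window:
                left += 1
            distinct = len({ip for _, ip in rows[left:right + 1]})
            if distinct >= min_ips:
                flagged[account] = max(flagged.get(account, 0), distinct)
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP threshold:", noisy_ips(log))
    print("per-account distinct IPs:", distributed_guessing(log))
```

With a one-hour window the same events stay under the threshold, which is why slow, spread-out attempts need a long window or a daily per-account count.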
27 Nov 2018, 06:37 AM | #2 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
These issues with criminals trying to log into accounts have nothing specifically to do with Fastmail. This affects all accounts which have internet access (such as bank accounts). I have seen these attempts at breaking into my Fastmail accounts in the past, but currently don't see any such attacks in the last couple of weeks. These attacks are random and may start and stop unpredictably.
Because of these issues, it's important that you use a long complex password for each account (including your Fastmail account) which is not used at any other account.
You can also use two factor authentication to improve your security. Even if someone was somehow able to guess or steal your password, they still can't access your account, since they don't have the other factor. I find the easiest and most flexible method is to use a TOTP authentication tool. You can allow devices you have physical control over to be "trusted devices" so you don't have to use the two factor authentication every time you log in.
For more information on two factor authentication, see: https://www.fastmail.com/help/account/2fa.html
Bill |
27 Nov 2018, 07:12 AM | #3 | |||
Essential Contributor
Join Date: May 2018
Posts: 474
|
Thanks.
|
|||
27 Nov 2018, 08:23 AM | #4 |
Essential Contributor
Join Date: Mar 2007
Location: UK
Posts: 270
|
|
27 Nov 2018, 01:12 PM | #5 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
There is no simple answer to that question, since it depends on the character set and randomness of your choice. See these guidelines:
https://en.wikipedia.org/wiki/Passwo...mon_guidelines
I would suggest a 6 character minimum length if you use random letters and numbers, or 12 characters in other cases. But it depends on how you create your password. For example, passwords such as "pass12345" are easy to guess.
If you use two-factor authentication you are much more secure. Someone would need to both hack your password and get access to your mobile device containing the authentication generator.
Bill |
27 Nov 2018, 11:09 PM | #6 |
Essential Contributor
Join Date: Mar 2007
Location: UK
Posts: 270
|
Thank you. That's a really interesting article. I've not come across the term 'information entropy' before, but it is a useful concept.
|