FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
10 Jan 2021, 05:22 PM | #16 | ||
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,799
|
Quote:
Quote:
|
||
10 Jan 2021, 08:38 PM | #17 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
I just remembered one of the huge problems with smartphone authenticator apps after I dropped my phone in some water and it wasn't working properly for a few days. Big problem getting 2FA codes! No matter what method you use, be sure to have alternate methods set up!
|
10 Jan 2021, 10:55 PM | #18 |
Essential Contributor
Join Date: Dec 2017
Location: Scotland
Posts: 483
|
|
10 Jan 2021, 10:59 PM | #19 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Quote:
|
|
11 Jan 2021, 11:06 AM | #20 | |
Junior Member
Join Date: Nov 2010
Posts: 9
|
Quote:
|
|
11 Jan 2021, 11:49 AM | #21 |
Cornerstone of the Community
Join Date: Jan 2003
Location: The Village
Posts: 599
|
|
12 Jan 2021, 12:39 AM | #22 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Just adding my 2c.
Yubico Security Key NFC ($25) is a great choice. Google's Titan Keys are great as well. After our org. purchased about 50 of these, a security flaw was discovered and they replaced all the Bluetooth dongles for FREE. We use both. One caveat: Google's keys ARE made by a Chinese company, but Google claims they have custom firmware on the devices that is different from the original Chinese maker's, and that they are sealed... While as an ad company Google is horrible, from a security standpoint against foreign threats, Google is actually very good. Say what you will on their cooperation with law enforcement, etc. I'd suggest the Yubico $25 keys as our first recommendation, and if you need a Bluetooth solution get the Google key. I strongly recommend AGAINST Feitian. /cl |
12 Jan 2021, 12:58 AM | #23 |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
What is the cost of your account security? Yubikey makes the best keys IMO at this point, but I also watch the industry for any new developments, so I'm open to other providers/developers. But I haven't yet found a company that I'd trust more with a key's design and manufacture, record of overengineering (a good thing), customer service, and openness about issues that occasionally pop up with various key firmware revisions and protocols. Again, I am definitely open to other companies, just haven't seen one that surpasses Yubico yet. Would definitely not buy Chinese-made keys for too many reasons to list, no matter the cost savings, no matter the security promises, no matter what Google says about their process. Not worth it IMO.
Make sure to keep a spare and backup. Yubico sometimes has sales to get discounts buying 2+ units at once. Also agree with those comments that suggest you should take a good look at how your providers handle reset of the account if you lose your 2FA key/token/code/etc. Sometimes they are actually relatively lax about recovering your account, compared to the impression of security they give with 2FA in general. Thus negating the whole point. It should be very hard to recover an account if you lose your 2FA method... VERY hard. And thus essential that you manage your 2FA carefully. But companies are cutting corners on this important step, and it's important to be aware of the recovery procedure for all your critical accounts. I've even tested this out on some accounts to see what they would do, and I don't want to disparage any particular companies, but one in particular (a hosting provider) very very easily just gave me total access to one of my accounts with virtually no effort on my part, despite 2FA supposedly locking it down. Very scary. I think one customer service person just blew it and didn't enforce the policy well; the company itself states a different, more comprehensive recovery policy. But these are things we need to be aware of and in some cases frankly verify ourselves if you are concerned at all. All the greatest 2FA in the world is useless if the companies who use those keys/services/tokens/etc. have lax policies and/or enforcement.
Last edited by ioneja : 12 Jan 2021 at 01:12 AM. |
12 Jan 2021, 07:19 AM | #24 | |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Quote:
If time zones do have an effect, it's a bug rather than a legitimate excuse. |
|
14 Jan 2021, 07:41 PM | #25 |
Essential Contributor
Join Date: Jun 2002
Location: AU
Posts: 471
|
Authy and Microsoft Authenticator offer to back up your 2FA token to the cloud if you are happy to use a soft token.
If you want hardware tokens then a basic YubiKey in a safe and one on your keyring may be a good option for services like Fastmail that allow you to register multiple. |
15 Jan 2021, 04:56 AM | #26 | |
Junior Member
Join Date: Nov 2010
Posts: 9
|
Quote:
|
|
16 Jan 2021, 02:16 AM | #27 |
Junior Member
Join Date: Jan 2021
Posts: 6
|
Sorry if this has been answered, but currently I have 2FA enabled using Google Authenticator. My phone number is listed for recovery.
If I forget my password and lose access to the Authenticator app, will I lose access to my account? If so, is it best to have a copy of my recovery key saved somewhere? |
16 Jan 2021, 02:24 AM | #28 |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
What I do is, take a screenshot of the QR code, and save that locally.
Then if the authenticator app gets corrupted, or if I've lost my 'phone, I can scan the saved QR code to another 'phone and I'm back in business. |
16 Jan 2021, 07:02 AM | #29 | |
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,799
|
Quote:
|
|
16 Jan 2021, 11:59 AM | #30 | ||
Junior Member
Join Date: Jan 2021
Posts: 6
|
Quote:
From Fastmail's help section: Quote:
|
||