|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
5 May 2013, 12:55 PM | #16 |
Member
Join Date: Jun 2004
Posts: 32
|
Being in the process of returning to Fastmail after a dalliance on GMail, I find the 2FA used by FM to be...strange. I guess having a "base" password counts as one factor, and then the randomly-generated number being the other, but it would just make more sense to me to have to put in my password and the OTP number in separate fields, like the Yubikey thing appears to be.
|
5 May 2013, 01:11 PM | #17 | |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
Quote:
It is however most certainly two-factor auth - "something you know + something you have". |
|
5 May 2013, 01:16 PM | #18 |
Member
Join Date: Jun 2004
Posts: 32
|
That makes sense. It's just that the other instances of 2FA I've used on a computer (World of Warcraft, GMail) explicitly separate the "know" and "have" into two fields, and require passing through an intermediate screen--first I give my username/password, then it pops up with a screen challenging for my random number.
The difference just surprised me is all. It may be worthwhile to clarify that a little somewhere in the documentation. |
6 May 2013, 01:19 AM | #19 | |
Member
Join Date: Apr 2002
Posts: 40
|
Quote:
|
|
6 May 2013, 02:51 AM | #20 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
Use complex Regular password with Full access for email clients
Quote:
Bill |
|
6 May 2013, 04:24 AM | #21 | |
Member
Join Date: Jun 2004
Posts: 32
|
Quote:
|
|
6 May 2013, 10:47 AM | #22 | |
Member
Join Date: Apr 2002
Posts: 40
|
Quote:
I'm more concerned for users in business accounts, where the user will choose as weak a password as they can, and probably the same one they use all over the web. Requiring a 2nd factor for web access would be a good enhancement. I use 1Password and have a strong password for my mail, but I'm more interested in the people who make their password as weak / easy to remember as possible. That is where the most benefit from 2FA will be seen. |
|
6 May 2013, 12:59 PM | #23 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
Quote:
|
|
6 May 2013, 03:45 PM | #24 |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
I think we're talking about two features here (correct me if I'm wrong):
- ability to choose services that the alternate login will work for
- ability for business owners to enforce a specific login policy for their users
Selecting services is not really hard, just an extension of what we already have (where you can have web (restricted) or "all" services).
Login policies for businesses is more complex. It's not exactly hard, but it does have a few moving parts. I think I'd prefer to consider it as part of a broader thing to do config policies, but that's mostly just me musing at this point.
We'll keep discussing these internally. Thanks for the feedback!
Last edited by robn : 6 May 2013 at 03:58 PM. |
7 May 2013, 04:24 AM | #25 |
Member
Join Date: Jun 2004
Posts: 32
|
I would be in favor of being able to set passwords to be "non-web only". That is, passwords that will only work with a client. And if you could somehow specify the name of the client, that would be even more awesome (but I don't know if that information is sent over IMAP).
|
7 May 2013, 04:27 AM | #26 | |
Cornerstone of the Community
Join Date: Jun 2004
Posts: 740
|
Quote:
|
|
7 May 2013, 12:58 PM | #27 |
Member
Join Date: Aug 2012
Posts: 38
|
This is not working for me. I typed the Base password to trigger the Google Auth but it's not working. It says Incorrect username or password but whenever I try SMS 1 Hour it's working.
Not sure what's wrong but I was able to scan the bar code and I can see it in my Android my email account in FM. Please help. Thanks. |
7 May 2013, 01:51 PM | #28 |
Master of the @
Join Date: Nov 2002
Location: Canada
Posts: 1,015
|
Try entering the Google Auth code immediately after the base password (in the same box). Fastmail doesn't go to a separate screen like Google does.
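The single-field login described in the post above, sketched as an added example that is not part of the original thread and not Fastmail's code: the server peels a fixed-length TOTP code off the end of the field and checks both factors. The 6-digit length, 30-second step, PBKDF2 hashing and the `USER` record are assumptions; the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time

DIGITS = 6   # assumption: Google Authenticator's default code length
STEP = 30    # assumption: RFC 6238 default time step, in seconds

def totp(secret_b32, at):
    """RFC 6238 TOTP (HMAC-SHA1) for UNIX time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", max(int(at), 0) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_combined(field, user, now=None, window=1):
    """Check one login field holding base password immediately followed by OTP."""
    now = time.time() if now is None else now
    base, otp = field[:-DIGITS], field[-DIGITS:]
    # The OTP has a fixed length, so the split is unambiguous even when
    # the base password itself ends in digits.
    if not base or not (otp.isascii() and otp.isdigit()):
        return False                             # e.g. base password typed alone
    pw_ok = hmac.compare_digest(hash_password(base, user["salt"]), user["pw_hash"])
    otp_ok = False
    for drift in range(-window, window + 1):     # tolerate small clock skew
        expected = totp(user["totp_secret"], now + drift * STEP)
        otp_ok |= hmac.compare_digest(expected, otp)
    # Both factors are always evaluated, so the reply does not reveal which failed.
    return pw_ok and otp_ok

# Constructed sample account (hypothetical values, RFC 6238 test secret).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}

if __name__ == "__main__":
    t = 59  # RFC 6238 test time; the 6-digit code at this instant is 287082
    print(verify_combined("correct horse", USER, now=t))        # password only
    print(verify_combined("correct horse287082", USER, now=t))  # password + code
```
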
|
7 May 2013, 02:03 PM | #29 |
Member
Join Date: Aug 2012
Posts: 38
|
|
8 May 2013, 10:25 PM | #30 | |
Master of the @
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
|
I admit to being somewhat on the fringe in all this because I access the web (and my email) from one and only one device: a home pc (using both web interface and an offline client [Outlook]).
Still, I can't help being just a bit confused in this discussion. Since (from an email perspective) Gmail pretty much started the whole 'two step authentication' thing, I'm used to understanding it from that angle. With Gmail, one goes into one's security settings and enables 2FA for the express purpose of preventing any possible password-only access to the account. One can go further and make a particular computer a 'trusted device' to prevent having to enter the 6-digit two-factor code at every login, but it's still AFAIK a case of Google secondarily 'authenticating' the login with the password AND the now-trusted device. That's why it's strange (for me) to read Rob write:
Quote:
I may not be understanding things correctly here, to help me do so, I have some questions:
1. In general, are email accounts protected by long, complex passwords (say, 50+ characters) really as safe as those protected with 2FA, making 2FA somewhat redundant in those instances? (E.g. my MyOpera account is protected by a nearly 70-character password [entered automatically by LastPass]. Is this account, as a result, really as safe or safer than a Gmail account protected by a 25-character password + 2FA?)
2. More specifically, does FM itself presently have any method of providing account-wide, Gmail-like two-factor protection for users, preventing any password-only access whatsoever? (E.g. does/can the Yubikey function in this way, or does it only work in the 'alternative login' way Rob describes in his responses here?)
Thanks for any feedback — and sorry for being dense! |
|