EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 27 Nov 2018, 06:01 AM   #1
xyzzy
Member
 
Join Date: May 2018
Posts: 32
Login Log shows attempted access

I was looking at my Logon Log and saw that on Wed 21 between 7AM and 2:30PM there were 97 failed IMAP login attempts from IP's that were from all over the world, all single attempts. I created a FM ticket asking them if this kind of probing is a common experience with FM user accounts. Their response was "yes".

For added safety I've since changed my account password, app password, and recovery code. But I was wondering what the opinions of anyone here are on this? Have you also seen this kind of behavior with FM?
xyzzy is offline   Reply With Quote

Old 27 Nov 2018, 07:37 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,407
These issues with criminals trying to log into accounts have nothing specifically to do with Fastmail. This affects all accounts which have internet access (such as bank accounts). I have seen these attempts at breaking into my Fastmail accounts in the past, but currently don't see any such attacks in the last couple of weeks. These attacks are random and may start and stop unpredictably.

Because of these issues, it's important that you use a long complex password for each account (including your Fastmail account) which is not used at any other account.

You can also use two factor authentication to improve your security. Even if someone was somehow able to guess or steal your password, they still can't access your account, since they don't have the other factor. I find the easiest and most flexible method is to use a TOTP authentication tool. You can allow devices you have physical control over to be "trusted devices" so you don't have to use the two factor authentication every time you log in.

For more information on two factor authentication, see:
https://www.fastmail.com/help/account/2fa.html

Bill
n5bb is offline   Reply With Quote
Old 27 Nov 2018, 08:12 AM   #3
xyzzy
Member
 
Join Date: May 2018
Posts: 32
Quote:
Originally Posted by n5bb View Post
These issues with criminals trying to log into accounts have nothing specifically to do with Fastmail. This affects all accounts which have internet access (such as bank accounts). I have seen these attempts at breaking into my Fastmail accounts in the past, but currently don't see any such attacks in the last couple of weeks. These attacks are random and may start and stop unpredictably.
That's what I figured. I just wanted some confirmation.

Thanks.

Quote:
Because of these issues, it's important that you use a long complex password for each account (including your Fastmail account) which is not used at any other account.
I've been using this site to test password strength although I don't know how reliable it is. But for my account password it says "one thousand trillion years" to crack and 446 trillion years to crack the app password.

Quote:
You can also use two factor authentication to improve your security.
- - -
I find the easiest and most flexible method is to use a TOTP authentication tool.
I prefer not to use these.
xyzzy is offline   Reply With Quote
Old 27 Nov 2018, 09:23 AM   #4
Grhm
Senior Member
 
Join Date: Mar 2007
Location: UK
Posts: 120
Quote:
Originally Posted by n5bb View Post
it's important that you use a long complex password
How long is long?
Grhm is offline   Reply With Quote
Old 27 Nov 2018, 02:12 PM   #5
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,407
Quote:
Originally Posted by Grhm View Post
How long is long?
There is no simple answer to that question, since it depends on the character set and randomness of your choice. See these guidelines:
https://en.wikipedia.org/wiki/Passwo...mon_guidelines

I would suggest a 6 character minimum length if you use random letters and numbers, or 12 characters in other cases. But it depends on how you create your password. For example, passwords such as "pass12345" are easy to guess.

If you use two-factor authentication you are much more secure. Someone would need to both hack your password and get access to your mobile device containing the authentication generator.

Bill
n5bb is offline   Reply With Quote
Old 28 Nov 2018, 12:09 AM   #6
Grhm
Senior Member
 
Join Date: Mar 2007
Location: UK
Posts: 120
Thank you. That's a really interesting article. I've not come across the term 'information entropy' before, but it is a useful concept.
Grhm is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 02:10 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy