EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 23 Jul 2008, 07:56 AM   #46
Si1
Cornerstone of the Community
 
Join Date: Apr 2002
Location: UK
Posts: 590
I've just been trying this out - it's a fantastic feature! Thanks Bron!
I'm using the one-time SMS option, which works brilliantly.

As a wish list , I have:
  • Unique username to trigger OTP
  • SMS OTP to have 1 hour and 1-use validity
  • Alternative login to (optionally) restrict folder access, address book access, from-address selection, etc.
  • Alternative login to force SSL & no-cache; use different style sheet
Thanks again - top class implementation
Si1 is offline   Reply With Quote
Old 23 Jul 2008, 04:30 PM   #47
schmoe
Essential Contributor
 
Join Date: Oct 2003
Posts: 385
Is it possible to regenerate OTP

From the wiki:
When you create a one-time password set, a page with 100 randomly generated passwords is presented for printing. You must print it before leaving the page, because it's not cached and you can't view the passwords again. You can use these passwords in any order.

Suppose I did lose the generated passwords. Can I regenerate a new set of one time passwords, assuming I've logged in with my normal user name and pass? If not, why not? Is there a security issue I am missing?
schmoe is offline   Reply With Quote
Old 23 Jul 2008, 05:16 PM   #48
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
Quote:
Originally Posted by schmoe View Post
From the wiki:
When you create a one-time password set, a page with 100 randomly generated passwords is presented for printing. You must print it before leaving the page, because it's not cached and you can't view the passwords again. You can use these passwords in any order.

Suppose I did lose the generated passwords. Can I regenerate a new set of one time passwords, assuming I've logged in with my normal user name and pass? If not, why not? Is there a security issue I am missing?
Very simple, you can create many password sets, and delete them as you want. It works the way you'd expect it to. Just try it out.
ChinaLamb is offline   Reply With Quote
Old 23 Jul 2008, 05:53 PM   #49
Prognathous
Master of the @
 
Join Date: Aug 2002
Location: Israel
Posts: 1,060
The SMS password feature is very nice. I do think however that the SMS should explain that to use it the user needs to type the base password in the beginning of the line. I had to search the wiki to find that the password needs to be [basepassword]+[sms-password]. This can (and should) be explained in the SMS, or when creating the SMS password.

Prog.
Prognathous is offline   Reply With Quote
Old 23 Jul 2008, 06:04 PM   #50
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
Quote:
Originally Posted by Prognathous View Post
The SMS password feature is very nice. I do think however that the SMS should explain that to use it the user needs to type the base password in the beginning of the line. I had to search the wiki to find that the password needs to be [basepassword]+[sms-password]. This can (and should) be explained in the SMS, or when creating the SMS password.

Prog.
HA ha... It took me so many tries to finally get the right combination. I was sure it was broken till I figured that out...

100% agree documentation needs to be improved.
ChinaLamb is offline   Reply With Quote
Old 23 Jul 2008, 06:30 PM   #51
ruaricallow
Junior Member
 
Join Date: Jan 2007
Posts: 22

Representative of:
Opera.com
You can delete messages with a restricted login.

This is a fantastic feature, really like it but currently you can still delete emails. Granted you can't empty the trash but there are other ways.

Open a message, switch to the 'Advanced Screen' if you are not on it already, then choose 'Delete Permanently' and some combination like 'Mailbox' from the drop downs, then click 'Do'. You get the message back "Message permanently deleted.". Sure enough the message is gone. :-(

Still I guess (hope) it is an easy fix.
ruaricallow is offline   Reply With Quote
Old 23 Jul 2008, 06:48 PM   #52
rabarberski
Master of the @
 
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
Quote:
Originally Posted by ChinaLamb View Post
HA ha... It took me so many tries to finally get the right combination. I was sure it was broken till I figured that out...

100% agree documentation needs to be improved.
Frankly, I don't think the documentation needs to be improved, but the user interface / the way it is presented to the user needs to be improved (that's the Google approach ). It is not very self-explanatory.

I intended to try it out a couple of days ago, but then I didn't because I was confused by all the passwords: "master password", "regular password", "base password", "one time password", .... pfew.
It would take me more than 10 seconds to figure out which one relates to the password I normally use to log in to my account. (I think it is the master password). I gave up... (the lazy remark to this argument would be that I am too lazy )

One improvement for this situation I can suggest is to hide (using javascript?) the text fields that are not relevant for the login type selected (for example, I think the base password is only relevant when SMS is selected, so hide it for all other options). This should reduce confusion I think.

Concerning the explanatory text to the right of the input boxes, the text for "login type" is not complete.I suggest to:
  • list all item (e.g. "1hr password set is missing")
  • bullet list the items, or at least have each login type choice appear in bold in the text (to make the different options stand out more in the text).

Great feature though
rabarberski is offline   Reply With Quote
Old 23 Jul 2008, 06:52 PM   #53
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
Quote:
Originally Posted by rabarberski View Post
Frankly, I don't think the documentation needs to be improved, but the user interface / the way it is presented to the user needs to be improved (that's the Google approach ). It is not very self-explanatory.
How would you word the directions? If you are unhappy with it, maybe make a suggestion for how Rob or the others could improve it.
ChinaLamb is offline   Reply With Quote
Old 23 Jul 2008, 07:32 PM   #54
rabarberski
Master of the @
 
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
Quote:
Originally Posted by ChinaLamb View Post
... maybe make a suggestion ...
See:

Quote:
Originally Posted by rabarberski View Post
One improvement for this situation I can suggest ...
and

Quote:
Originally Posted by rabarberski View Post
Concerning the explanatory text to the right of the input boxes, the text for "login type" is not complete.I suggest to...
and (tris)

Quote:
Originally Posted by rabarberski View Post
A user-interface remark: There is the option "Full access" ......
I think this is a bit confusing. Better change the wording to .....

I'll think some more about other ways to improve. Although I feel it is more than just the "wording of the directions".

Last edited by rabarberski : 23 Jul 2008 at 08:01 PM. Reason: Added third reference to former suggestions made
rabarberski is offline   Reply With Quote
Old 23 Jul 2008, 09:31 PM   #55
rabarberski
Master of the @
 
Join Date: Nov 2006
Location: Ghent, Belgium
Posts: 1,027
Quote:
Originally Posted by rabarberski View Post
I'll think some more about other ways to improve. Although I feel it is more than just the "wording of the directions".
I have given this another thought. I would make the following suggestions:
  • limit the "login type" options to the following 3 (instead of 5):
    • Regular password
    • One Time Password Set
    • SMS Password sender
    Notice I put the "regular password" as the first option, since this seems to me the base case of an alternative login.
  • The corresponding description would then be:
    Regular - Re-usable password for standard access. By default (but this can be changed through the "Full access" option below) a regular password can not be used to change the master password or the backup email address.
    One Time Password Set - Generates a list of 100 one-time passwords
    SMS Password sender - Upon entering the "alternative password" at the login screen, a temporary password will be SMSed to your phone. You can then use this temporary password to login (for the second time) at the login screen.

  • Rename "Base password" to "Alternative password / OTP prefix"
  • Alternatively, the "OTP prefix" could be a separate option, just as the "password expiration" (see further), which should then only be displayed when OTPS has been selected (and Alternative password should then be hidden)
  • Corresponding description for "Alternative password / OTP prefix":
    The new, alternative password to login to your account. In case of an "One Time Password Set", this should be prefixed to your OTP password. For example: if OTP is abcd-efgh and "Alternative password / OTP prefix" is q23 then password is q23abcd-efgh.
  • Provide an option "Password expiration" which can be set to either 1hr or 24hours (24hours by default).
    This option should only be displayed when OTPS or SMS has been selected.
  • The corresponding "Password expiration" text could be:
    Time period during which the alternative password, once used for the first time, can be used to login to your account.
  • Rename "Full access" to "Restricted access" as detailed in this post.
rabarberski is offline   Reply With Quote
Old 24 Jul 2008, 01:20 AM   #56
Prognathous
Master of the @
 
Join Date: Aug 2002
Location: Israel
Posts: 1,060
Truely excellent suggestions rabarberski. I really hope Fastmail will implement them. It would make the interface much clearer and easier to use.

Prog.
Prognathous is offline   Reply With Quote
Old 24 Jul 2008, 07:02 PM   #57
Edward Velo
Essential Contributor
 
Join Date: Jun 2004
Location: Brussels, Belgium
Posts: 432
Fastcheck

At first, I couldn't find "Alternative Logins" at the Options screen. It seems that when I logon via Fastcheck, this option isn't shown. But if I logon manually, then it's there.

Why is that? Is that by design?

Thanks
Edward Velo is offline   Reply With Quote
Old 25 Jul 2008, 01:15 PM   #58
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
Arrow Saw this transiently, but now it's working correctly here

Quote:
Originally Posted by Edward Velo View Post
At first, I couldn't find "Alternative Logins" at the Options screen. It seems that when I logon via Fastcheck, this option isn't shown. But if I logon manually, then it's there.

Why is that? Is that by design?
I had never had this problem before I tried tonight and saw what you reported. I tried logging out, logged back in manually on the normal and beta server, used CTL-F5 to reload the Options screen to bypass caching, etc., and now my setup works correctly again when logging in from the Fastcheck toolbar. I have a new computer with Vista Home and Firefox 2.0.0.16 installed at this time. At first I thought it might be normal vs beta logins, but now it's working correctly for both.

When you use an alternative login to log into Fastmail you can lose some choices on the Options screen. Also I use the Fastmail login shortcut generator. So these might be complicating the caching issue. Again, when I logged out and logged in a few times this problem disappeared for me.

Bill
n5bb is offline   Reply With Quote
Old 25 Jul 2008, 07:22 PM   #59
scutworker
Member
 
Join Date: Mar 2006
Posts: 44
I had exatcly the same problem with "alternative logins" not showing when using Fastcheck.

What I did, was that above; log into the beta server, click options, then logout. Clear all cookies, then log into the normal server and the option is there, but it is still not there if I login using Fastcheck.

Last edited by scutworker : 25 Jul 2008 at 08:17 PM.
scutworker is offline   Reply With Quote
Old 25 Jul 2008, 08:55 PM   #60
ruaricallow
Junior Member
 
Join Date: Jan 2007
Posts: 22

Representative of:
Opera.com
Quote:
Originally Posted by ruaricallow View Post
This is a fantastic feature, really like it but currently you can still delete emails. Granted you can't empty the trash but there are other ways.

Open a message, switch to the 'Advanced Screen' if you are not on it already, then choose 'Delete Permanently' and some combination like 'Mailbox' from the drop downs, then click 'Do'. You get the message back "Message permanently deleted.". Sure enough the message is gone. :-(

Still I guess (hope) it is an easy fix.
I have submitted this as a bug now
ruaricallow is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:27 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy