EmailDiscussions.com  

Runbox Forum
Old 4 Jul 2016, 12:29 AM   #31
smithmb001
Senior Member
 
Join Date: May 2013
Posts: 162
Quote:
Originally Posted by FredOnline View Post
"...near future means different things to different people."
I would prefer RunBox take their time and do 2FA right rather than to release 2FA sooner and have lots of problems. That would not be good for us, nor would it be good for RunBox.

With that said, I was a bit disappointed in the calendaring "beta" offering. In my opinion, it probably should have remained in development until RunBox could have released a "real" beta offering. The CalDAV beta is more of a pre-alpha than a beta release - don't do this with 2FA!

If you have been a RunBox customer for any time you know "near future" probably means months away. The fact that they posted updates on their blog for both of these offerings means they are officially committed to making them available, not just talking about them on the forum. My guess is that we'll be lucky if both 2FA and calendaring are made available by the end of the year. As with all things RunBox, patience...
smithmb001 is offline   Reply With Quote
Old 4 Jul 2016, 04:27 PM   #32
a414
Junior Member
 
Join Date: Jul 2015
Posts: 6
Quote:
Originally Posted by smithmb001 View Post
With that said, I was a bit disappointed in the calendaring "beta" offering. In my opinion, it probably should have remained in development until RunBox could have released a "real" beta offering. The CalDAV beta is more of a pre-alpha than a beta release - don't do this with 2FA!
What problems did you run into with the CalDAV server?

FWIW, I've been using the CardDAV part of it without any apparent problems so far. I like the fact that DAV on Android allows for fine-grained control of synchronization schedules. It works fast enough and is not too much of a resource hog. And Runbox as my mail host knows about my contacts anyway, so I did not mind that much giving them access to the phone numbers as well.
a414 is offline   Reply With Quote
Old 4 Jul 2016, 09:40 PM   #33
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 713
Quote:
Originally Posted by jl66 View Post
Geir, the problem is that we are tired of waiting years and then reading that it's "almost finished", then that we can't use it yet, and many other explanations and words, BUT after 1 more year or many more months we are in the same situation, and the result after all this time is: nothing!
So, we only read from RB some more words but not facts, and we lose our hope and faith in these words, while we see that many email companies (or even only 1 guy creating an email service) finish 2FA in only some months.
Yes, I know, you are putting in more effort to get it to work with pop/imap, etc... but maybe you should offer 2FA first to webmail users, then to pop/imap users, etc... those will be facts and will gain our faith and hope again.
Until then, we see nothing yet and we lose our hope in RB.

And since it was almost finished: + 3 months now.
+1 agree completely. This was delayed excessively IMO when it could have been rolled out in stages to different services. And to reply in advance to Geir before he suggests that they wanted to implement a comprehensive 2FA service (which I admire the ambition), he should be aware that there are tons of people who exclusively use webmail, for example, so it would have been perfectly useful just for that service first.

However, I do congratulate them that they're almost done, and it will be a good thing once finalized. And while I'm critical of how RB has been doing this, I also want to support them because otherwise solid, independent, privacy-oriented email services with a good track record are few and far between. We need RB to succeed, but they are very, very slow to implement new features.
ioneja is offline   Reply With Quote
Old 5 Jul 2016, 07:03 AM   #34
smithmb001
Senior Member
 
Join Date: May 2013
Posts: 162
Quote:
Originally Posted by a414 View Post
What problems did you run into with the CalDAV server?
I would challenge you to name a single mainstream email provider that has implemented a calendar solution, even in "beta", that is equivalent to this one. I think the only reason RunBox released CalDAV in this manner is because they felt pressured to do so.

My secondary email provider, a small company in Iceland, probably almost two years old, implemented a calendar solution as part of their beta3 release earlier this year. It is a complete calendar solution. Why not use them? Well, my calendar data now lives on Google and a dedicated third party calendaring solution. When I move my calendar data, it is going to RunBox and that's the final stop.

For the record, I did not sign up for RunBox for 2FA or for a calendar solution. I am getting exactly what I signed up for when I renewed my subscription and have no complaints (very happy!). The coming 2FA and calendar solutions will make RunBox's offerings more complete and it will make it far less likely that I will even consider switching providers.
smithmb001 is offline   Reply With Quote
Old 5 Jul 2016, 07:08 AM   #35
smithmb001
Senior Member
 
Join Date: May 2013
Posts: 162
Quote:
Originally Posted by ioneja View Post
he should be aware that there are tons of people who exclusively use webmail, for example, so it would have been perfectly useful just for that service first. And while I'm critical of how RB has been doing this, I also want to support them because otherwise solid, independent, privacy-oriented email services with a good track record are few and far between. We need RB to succeed, but they are very, very slow to implement new features.
+1 Exclusively use webmail (technically Android app)
+1 Extraordinarily difficult to find a better email service that is focused on privacy and security. I checked out a large number of providers before I chose RunBox.
smithmb001 is offline   Reply With Quote
Old 5 Jul 2016, 02:58 PM   #36
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
Quote:
Originally Posted by ioneja View Post
he should be aware that there are tons of people who exclusively use webmail, for example, so it would have been perfectly useful just for that service first.
That's what I mean
jl66 is offline   Reply With Quote
Old 5 Jul 2016, 05:14 PM   #37
a414
Junior Member
 
Join Date: Jul 2015
Posts: 6
Quote:
Originally Posted by ioneja View Post
+1 agree completely. This was delayed excessively IMO when it could have been rolled out in stages to different services. And to reply in advance to Geir before he suggests that they wanted to implement a comprehensive 2FA service (which I admire the ambition), he should be aware that there are tons of people who exclusively use webmail, for example, so it would have been perfectly useful just for that service first.
I cannot resist correcting this, even though it has been said before.

Rolling out 2FA to webmail without taking care of other services would have been security theater (which is admittedly quite popular these days), but nothing more than that. Anybody capturing your password while you were happily logging in to your webmail using 2FA would then have been able to access your account using IMAP. Not what you want.

To safely offer 2FA for webmail and nothing else would have meant either implementing functionality to disable everything but webmail for people who want 2FA (code which would be pretty useless after the completion of the project), or changing the authentication system to permit use of different passwords for webmail with 2FA and other services without 2FA (which is basically what Runbox is doing).

If you have so little manpower that a project such as this one takes years, it really does not make sense to waste time implementing code you're going to throw away later. And assuming that with the spread of smartphones an increasing number of people is going to use an email client instead of webmail at some point in time, any useful 2FA solution must eventually be able to cater to those.
a414 is offline   Reply With Quote
Old 1 Aug 2016, 04:01 PM   #38
kaisersoze
Junior Member
 
Join Date: Mar 2015
Posts: 12
+1 month.... Sorry Runbox, but I won't be renewing this year.
kaisersoze is offline   Reply With Quote
Old 1 Aug 2016, 04:21 PM   #39
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
+ 4 months since "all was finished".
I think that my new yearly subscription will finish without 2FA... sad.
jl66 is offline   Reply With Quote
Old 4 Aug 2016, 12:43 PM   #40
bipbop
Senior Member
 
Join Date: Dec 2009
Posts: 197
Quote:
Originally Posted by jl66 View Post
+ 4 months since "all was finished".
I think that my new yearly subscription will finish without 2FA... sad.
Actually three months since they announced they had started their "sysadmin and test phase". As far as I can see, nobody on these forums has been asked to be testers. That isn't a good sign.
bipbop is offline   Reply With Quote
Old 4 Aug 2016, 03:30 PM   #41
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
https://blog.runbox.com/2015/12/than...status-update/

Yes, only words but not facts
jl66 is offline   Reply With Quote
Old 4 Aug 2016, 03:57 PM   #42
kaisersoze
Junior Member
 
Join Date: Mar 2015
Posts: 12
From the comments on the blog post:

Kaisersoze says:

April 13th, 2016 at 13:22 (#)

Hi,

This seems to be taking quite a lot of time… Runbox is great but is lacking security. This is an important feature to implement. Please can Runbox set an expectation for their customers?

Thanks and keep on the good work!

Geir says:

April 13th, 2016 at 22:24 (#)

We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords.

We have also spent time improving our new authentication service (which is the foundation for 2FA), to make sure it scales in our production environment.

What remains is mostly to handle a couple of legacy interfaces to make all of our services use the authentication service instead of native/custom authentication.

Then we will do some thorough testing, after which we can gradually deploy in production and invite some beta testers.

Kaisersoze says:

April 14th, 2016 at 09:28 (#)

Hi Geir,

Many thanks for the update.

Could you please give us a target date for this to be implemented? I'm sure you must have a target date…

Regards



No reply. Initial question in February and by then:
"We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords"


TBH I don't even know why I am following this anymore. I moved my email away from RB months ago.

I just can't afford someone to break into my account and take all my other accounts as they please.

Sorry Runbox, but this is no way to run a business. Security is not a feature these days and I fail to understand why you make yourselves busy with CalDAV rather than your customers' security. On top of that, you have customers asking for 2FA for ages (a simple search on the forum will show you that) and you have been dragging this out without setting any expectations... All we get is "it's almost done"
kaisersoze is offline   Reply With Quote
Old 4 Aug 2016, 05:46 PM   #43
17pm
Cornerstone of the Community
 
Join Date: Sep 2013
Posts: 536
I also gave up on Runbox more than 1 year ago because of this. Their support is great, one of the best I've ever seen, fast and to the point, but they seriously need some manpower.

I feel like they must be good friends with each other, and so incompetence is not punished. Hire some good coders please.
17pm is offline   Reply With Quote
Old 4 Aug 2016, 08:02 PM   #44
Geir
The "e" in e-mail
 
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938

Representative of:
Runbox.com
Update

We've been working on this through the summer and have completed testing of all the services that need to support 2FA, and we have now initiated their deployment into production.

(As has been pointed out here previously, implementing support for just the web interface would effectively leave a backdoor open via IMAP, POP, etc regardless of whether you use those services.)

Meanwhile we are making some adjustments to the new Account Security web interface to ensure it's both comprehensive and user-friendly enough for everyone to use.

Other projects running in parallel such as calendaring (CalDAV) have not delayed 2FA because they're being worked on by different people (in this specific case, by the people behind sabre/dav).

CalDAV is a service that's been frequently requested -- more so than 2FA -- and going ahead with an isolated and relatively uncomplicated project like that was an easy decision to make.

- Geir
Geir is offline   Reply With Quote
Old 4 Aug 2016, 09:54 PM   #45
jl66
Essential Contributor
 
Join Date: Oct 2013
Posts: 413
Quote:
Originally Posted by Geir View Post
(As has been pointed out here previously, implementing support for just the web interface would effectively leave a backdoor open via IMAP, POP, etc regardless of whether you use those services.)

- Geir
Not if you disable IMAP and POP access for those choosing 2FA only by web. That's how other email companies (Posteo for example) are doing it: an option to completely disable IMAP and POP.
jl66 is offline   Reply With Quote
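
The trade-off debated in posts #37, #44 and #45, as an added example that is not part of any post and is not Runbox's or Posteo's code: a small model showing that 2FA on webmail alone leaves IMAP open to the main password, and that either disabling the other services or splitting credentials (application-specific passwords) closes that path. The `Account` class, `authenticate` function, mode names and password are hypothetical, and the second factor is modelled as a boolean rather than a real one-time code.

```python
import hashlib, hmac, secrets

def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    """Constructed model of one mailbox; every name here is hypothetical."""
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.main = _kdf(password, self.salt)
        self.enabled = {"webmail", "imap", "pop"}
        self.two_factor = False          # second factor required on webmail
        self.split_credentials = False   # main password valid on webmail only
        self.app_passwords = {}          # service -> derived key

    def add_app_password(self, service: str) -> str:
        secret = secrets.token_urlsafe(16)
        self.app_passwords[service] = _kdf(secret, self.salt)
        return secret

def authenticate(acct, service, secret, second_factor_ok=False) -> bool:
    # second_factor_ok stands in for a verified one-time code (assumption).
    if service not in acct.enabled:
        return False
    candidate = _kdf(secret, acct.salt)
    if service == "webmail":
        ok = hmac.compare_digest(candidate, acct.main)
        return ok and (second_factor_ok or not acct.two_factor)
    app = acct.app_passwords.get(service)
    if app is not None and hmac.compare_digest(candidate, app):
        return True
    # Legacy path: the main password alone opens IMAP/POP unless split off.
    return not acct.split_credentials and hmac.compare_digest(candidate, acct.main)

def imap_accepts_main_password(mode: str, password="constructed-main-pw") -> bool:
    """Does the main password alone (no second factor) still open IMAP?"""
    acct = Account(password)
    acct.two_factor = True
    if mode == "disable_other_services":
        acct.enabled = {"webmail"}
    elif mode == "split_credentials":
        acct.split_credentials = True
        acct.add_app_password("imap")
    return authenticate(acct, "imap", password)

if __name__ == "__main__":
    for mode in ("webmail_only_2fa", "disable_other_services", "split_credentials"):
        print(mode, "-> IMAP opens with main password:", imap_accepts_main_password(mode))
```
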
All times are GMT +9.