EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 24 Jul 2016, 06:29 PM   #91
rharha
Senior Member
 
Join Date: Oct 2013
Posts: 100
There is a good article on Wikipedia about password strength: https://en.wikipedia.org/wiki/Password_strength

I always use random 14 char case sensitive alphanumeric.
rharha is offline   Reply With Quote
Old 24 Jul 2016, 06:39 PM   #92
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,513
Quote:
Originally Posted by BritTim View Post
This whole thread confirms something I have believed for some time now. Fastmail staff are smart, but many of them also believe they know user requirements without any consultation. This leads to user dissatisfaction when features are removed or changed without any prior discussion. Fastmail was not always like this. One of the things that attracted me to the service in the Jeremy Howard era was its recognition of the value of partnering with its users rather than dictating what they should have.
I really enjoyed the old days, now I have a UI that is so different and to be honest I can't stand it, but I use it because of other features.

I really need to find something that I would enjoy using, but my stumbling block is sieve script as not may companies offer it and if they do you can't manually adjust it.

Fastmail has become another gmail....with a few extra bells and whistles
Terry is offline   Reply With Quote
Old 24 Jul 2016, 06:49 PM   #93
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 469
Quote:
Originally Posted by rharha View Post
There is a good article on Wikipedia about password strength: https://en.wikipedia.org/wiki/Password_strength

I always use random 14 char case sensitive alphanumeric.
Doesn't sound very memorable to me.
Isn't the 1st factor supposed to be something you can easily recall?
gardenweed is offline   Reply With Quote
Old 24 Jul 2016, 06:55 PM   #94
rharha
Senior Member
 
Join Date: Oct 2013
Posts: 100
Quote:
Originally Posted by gardenweed View Post
Doesn't sound very memorable to me.
Isn't the 1st factor supposed to be something you can easily recall?
It isn't very memorable. I keep all pws in a password manager, backed up in multiple locations on- and offline, and only remember the pw to unlock that one (18 char random case sensitive alphanumeric). Also have that password printed out, though. You never know...
rharha is offline   Reply With Quote
Old 24 Jul 2016, 07:02 PM   #95
FredOnline
Master of the @
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 1,913
Quote:
Originally Posted by rharha View Post
Of course it doesn't stop attempts but attempts will likely remain attempts. A phisher can only get your pw but not your phone.
That's assuming one has the 2FA enabled, of course.

But how many users don't or won't?

Quite a few I'll wager.
FredOnline is offline   Reply With Quote
Old 24 Jul 2016, 07:12 PM   #96
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,513
75% -80% wont ?
Terry is offline   Reply With Quote
Old 24 Jul 2016, 08:38 PM   #97
glass
Member
 
Join Date: Dec 2013
Posts: 54
Quote:
Originally Posted by nighthawk700 View Post
(and it looks like the new security features won't work for me anyway... in my workplace I can't bring in a cell phone, nor insert a USB device. The parking lot is too far to run in and jump on my computer in the 60 second or so window discussed.)

Back to the drawing board. PROGRESS!! ;-)
This is my problem too. I currently use an OTP list, but that's going to stop working in about 24 hours.

As far as I can tell, the only way around this is to change the master password to something memorable and remove 2FA.

If I'm going to to have to do that anyway I might try and essentially "fake" 2FA, by having half of my password memorable and half of it complex and random, and have the complex part written on a piece of paper. That's something I know (the memorable part of the password) and something I have (the printed piece of paper). Real 2FA usually doesn't produce codes that can be reused like this can though.
glass is offline   Reply With Quote
Old 24 Jul 2016, 11:18 PM   #98
Glendon CDN
Member
 
Join Date: Feb 2004
Location: Markham, ON Canada
Posts: 73
Time Zone?

I can't wait for the howls of outrage when the change comes into effect on Jul 24; Jul 25 in Australia! Or will it?

But if it in any way reduces the number of complaints about the demise of the"classic" web interface it will be worth the minor inconvenience. Though there seem to be some who still lament the demise of Windows 3 in light of the dangfangled Windsor'95.

It's technology folks - expect changes and adapt. FWIW, the changes seem eminently reasonable and are not all that difficult to comprehend. I go notices via Twitter, email and the blog [which appears in my newsreader] and its' clear I donít NEED to do anything for at least a month.
Glendon CDN is offline   Reply With Quote
Old 25 Jul 2016, 04:31 AM   #99
ioneja
Cornerstone of the Community
 
Join Date: Jul 2011
Posts: 501
Quote:
Originally Posted by nighthawk700 View Post
Well, this will kill the reason I got my kids Fastmail accounts in a family account. I set up filters in their accounts so I get a copy of every email they send and receive so I can monitor their usage, then give them the restrictive password while I keep the master so they can't monkey around with the filters. I chose to do that rather than one of the "kids email services" since it seemed to be about the same functionality at a better cost and hey, they get to use my email domain name too. Sounds like after Aug I'll have to give them the master password to the account, and will have to trust they won't monkey around with the filters. (they are pretty bright about things like that).

(and it looks like the new security features won't work for me anyway... in my workplace I can't bring in a cell phone, nor insert a USB device. The parking lot is too far to run in and jump on my computer in the 60 second or so window discussed.)

Back to the drawing board. PROGRESS!! ;-)
Re: Kid's accounts -- I have something similar set up, but recognize that any smart kid can get around whatever limitations I set up -- not to mention, easily figure out a way to set up a Gmail account, thus blowing up any supervision I can have... so while I do have filters set up to forward email like you, as admin in a family account, I can always go into their account if needed and see what's going on. Yes, they could disable filters, send emails, delete evidence, re-enable filters... so they can get around this, but there's also an element of trust. I hope my relationship with them isn't distilled down to a game of trying to catch them. If that's the case, I think I'd have bigger issues at play. If they really want to get around my protections for them, they'll figure out a way anyway. So my focus is building a strong relationship with them, while still having a decent level of parental access if needed. Theoretically, if you had to have total retention, you could upgrade the whole family to a business account and use their tamper-proof business email retention service...

Re: office limitations of this new 2FA, technically, there is a way around your situation, which would be to use the old-style Yubikey, which doesn't have an expiration on the code... the issued authentication code technically only expires once the next code is issued. So you could use the old Yubikey method out in your car... then copy that manually once you get into your office... it would be a big hassle since it's a long code to copy down, but at least it would be feasible.
ioneja is offline   Reply With Quote
Old 25 Jul 2016, 07:52 AM   #100
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 469
Quote:
Originally Posted by robn View Post
No. We're wearing the cost on this one. Being locked out of your account because you didn't have any SMS credit would not be cool.
I just tried setting up a 2F p/w with base + SMS.
When I tried to login I entered the base password.
The response was :
"ERROR sending SMS: Insufficient credits to send SMS"

So when using SMS for 2F, do we need to pay for these?

Edit - meh

Last edited by gardenweed : 25 Jul 2016 at 07:57 AM. Reason: more info
gardenweed is offline   Reply With Quote
Old 25 Jul 2016, 08:02 AM   #101
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 469
Quote:
Originally Posted by robn View Post
Ok, here's my attempt to clarify everything. This is all in the new documentation and you'll be guided through it in the UI, so no need to memorise this.

You have a "master" password. Just one. It's what you use to access your account via the web. It's a "full access" login (there's no such thng as "restricted" logins anymore, except during the transition period where existing "Alternative Logins" continue to work. I've written more about restricted logins below).

From the web interface, you can access the new "Password & Security" screen. This asks for your password before you can make any changes (the "master" password - you only have one).

Here, you can, if you choose, add and verify a recovery method - either an email address or SMS number. This will be used to help you recover your account should you ever lose access to it (lost password and/or second factors).
Has this gone live?
I'm not seeing any option to add SMS as a recovery method?
gardenweed is offline   Reply With Quote
Old 25 Jul 2016, 08:11 AM   #102
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,513
Its there just click a little box alternative log ins it takes you to another page....

Perhaps it's not set up yet as I thought we wre getting alternative logins and our current ones would not work.
Terry is offline   Reply With Quote
Old 25 Jul 2016, 08:29 AM   #103
gardenweed
Essential Contributor
 
Join Date: Jun 2008
Location: Perth
Posts: 469
Quote:
Originally Posted by Terry View Post
Its there just click a little box alternative log ins it takes you to another page....

Perhaps it's not set up yet as I thought we wre getting alternative logins and our current ones would not work.
No. That's for Alternative logins, not Recovery.

Read Rob's post again for yourself.
It says:
Quote:
"From the web interface, you can access the new "Password & Security" screen. This asks for your password before you can make any changes (the "master" password - you only have one).

Here, you can, if you choose, add and verify a recovery method - either an email address or SMS number. This will be used to help you recover your account should you ever lose access to it (lost password and/or second factors)."
Then try it for yourself.
It doesn't work as described.
When you log into the Security section, where Rob says "Here, you can, if you choose, add and verify a recovery method - either an email address or SMS number".
In that screen, there is only the option to add an email address - there is no option to add a number for Recovery assistance via SMS.

In the next screen that you describe - which is for Alternative Logins - there is a field for entering a phone number for 2F SMS.
This is not Recovery, this is 2F login. Different things.
gardenweed is offline   Reply With Quote
Old 25 Jul 2016, 08:39 AM   #104
robn
Master of the @
 
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007

Representative of:
Fastmail.fm
It's not live yet. We're looking to start in around six hours, doing it late night US time ready for Monday morning.
robn is offline   Reply With Quote
Old 25 Jul 2016, 09:01 AM   #105
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,513
Quote:
Originally Posted by gardenweed View Post
No. That's for Alternative logins, not Recovery.

In the next screen that you describe - which is for Alternative Logins - there is a field for entering a phone number for 2F SMS.
This is not Recovery, this is 2F login. Different things.
Oh Ok.....sorry I don't go in that section much so I don't really know what's new, I just thought you had missed the little button....

Anyway it's not live yet.
Terry is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 07:17 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy