EmailDiscussions.com - View Single Post

kaisersoze · 4 Aug 2016, 02:57 PM

From the comments on the blog post:

Kaisersoze says:

April 13th, 2016 at 13:22 (#)

Hi,

This seems to be taking quite a lot of time… Runbox is great but is lacking security. This is an important feature to implement. Please can Runbox set an expectation for their customers?

Thanks and keep on the good work!
Geir says:

April 13th, 2016 at 22:24 (#)

We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords.

We have also spent time improving our new authentication service (which is the foundation for 2FA), to make sure it scales in our production environment.

What remains is mostly to handle a couple of legacy interfaces to make all of our services use the authentication service instead of native/custom authentication.

Then we will do some thorough testing, after which we can gradually deploy in production and invite some beta testers.
Kaisersoze says:

April 14th, 2016 at 09:28 (#)

Hi Geir,

Many thanks for the update.

Could you please give us a target date for this to be implemented? Im sure you must have a target date…

Regards

No reply. Initial question in February and by then:
"We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords"

TBH I dont even know why I am following this anymore. I have moved my email away from RB months ago.

~I just cant afford someone to break into my account and take all my other accounts as they please.

Sorry Runbox, but this is no way to run a business. Security is not a feature these days and I fail to understand why you make yourselves busy with caldav rather than your customer's security. On top of that, you have customers asking 2FA for ages (a simple search on the forum will show you that) and you have been dragging this without setting any expectations...All we get is "its almost done"

4 Aug 2016, 02:57 PM	#42
kaisersoze Junior Member Join Date: Mar 2015 Posts: 12	From the comments on the blog post: Kaisersoze says: April 13th, 2016 at 13:22 (#) Hi, This seems to be taking quite a lot of time… Runbox is great but is lacking security. This is an important feature to implement. Please can Runbox set an expectation for their customers? Thanks and keep on the good work! Geir says: April 13th, 2016 at 22:24 (#) We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords. We have also spent time improving our new authentication service (which is the foundation for 2FA), to make sure it scales in our production environment. What remains is mostly to handle a couple of legacy interfaces to make all of our services use the authentication service instead of native/custom authentication. Then we will do some thorough testing, after which we can gradually deploy in production and invite some beta testers. Kaisersoze says: April 14th, 2016 at 09:28 (#) Hi Geir, Many thanks for the update. Could you please give us a target date for this to be implemented? Im sure you must have a target date… Regards No reply. Initial question in February and by then: "We’ve had significant progress and have finalized development of our 2FA web interface, which will include functionality for turning services on/off, Two-Step Verification, One-Time Passwords, Trusted Devices, and Application-Specific Passwords" TBH I dont even know why I am following this anymore. I have moved my email away from RB months ago. ~I just cant afford someone to break into my account and take all my other accounts as they please. Sorry Runbox, but this is no way to run a business. Security is not a feature these days and I fail to understand why you make yourselves busy with caldav rather than your customer's security. On top of that, you have customers asking 2FA for ages (a simple search on the forum will show you that) and you have been dragging this without setting any expectations...All we get is "its almost done"