26 Jul 2016, 04:09 PM   #191
nudge
The SMS system isn't secure anyway

I'm like the person earlier in the thread who had an Alternative Login setup for his kids, except that mine isn't for kids, but it is a similar situation. I've got till the 31st of August to replace our configuration or just give the users full access to an account that they didn't have before and we definitely don't want to give them. In fact, we wouldn't have paid for Fastmail accounts for this project if we had prior knowledge of these changes. Fastmail have suggested that I set up shared folders instead, but I can't see how that's going to help unless I move the users off the web interface and give them just SMTP / IMAP logins, but to do that I'll probably have to visit each one in person in order to set things up, which isn't very practical for me.

All this headache is part of a move to a new security setup which sounds like it's based very much on 2FA using SMS to your mobile phone. There's an elephant in that room that I've not seen anyone here mention: the SMS system is part of the telephone network. Any IT security specialist should know that this is not secure. I'm on holiday and don't have the details with me, but there are well-known flaws in the SMS system that can be exploited to intercept and redirect SMS messages to another phone. It may be unlikely, but you cannot be 100% safe using SMS as a second authentication factor.

My point is that Fastmail are taking away some functionality that people use and rely on and replacing it with something that isn't necessarily better. Their excuse is that not many people use it, their suggested alternatives are flimsy and their communication on these matters has not been good (some of my users have even been sent long technical mails written in English, which they wouldn't understand even if they spoke English).

I wish they would reconsider removing Alternative Logins on the 31st August and give us a few more months to work out alternative solutions.