|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
13 Apr 2014, 11:44 PM | #16 |
Junior Member
Join Date: Oct 2005
Location: Connecticut, USA
Posts: 11
|
Please make two factor authentication a priority.
Please don't limit it to webmail. We IMAP users want it too. I understand you may wish to roll it out in stages, but don't forget us! |
16 Apr 2014, 10:02 PM | #17 | |
Essential Contributor
Join Date: Nov 2007
Posts: 236
|
Quote:
Google uses 2FA for web logins, but not IMAP. They'll assign each device its own long (~30 character), random and complex password that can be cancelled from the web login at any time. Also you could restrict access for the password (only has access to the IMAP, not webmail, nor FTP). That could be a solution that runbox could implement, but you can't consider it to match 2FA... |
|
16 Apr 2014, 11:01 PM | #18 |
Cornerstone of the Community
Join Date: Nov 2008
Location: UK
Posts: 549
Representative of:
Runbox.com |
I was going to reply saying what tomhab said but I was beaten to it
IMAP, SMTP and POP do not support 2FA. The Google method is plausible for Runbox, but that remains to be decided. The vast majority of compromised accounts that we get are due to very poor passwords that could be easily guessed by a computer running a dictionary attack. The next most common reason is poor computer hygiene with regards to malware and viruses, and using computers on public wifi without using encryption. I can't remember the last time I saw an account compromised that had a good password. Using a username that is not part of your Runbox address is also effective (i.e. use an alias as your public email address). 2FA really only provides security when the username and password are compromised, and can be a significant inconvenience to the user (as some people have pointed out elsewhere on this forum). Of course, when it does come in to play, we are all glad that 2FA was there for us. |
17 Apr 2014, 02:08 AM | #19 | |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Quote:
That's why it's so important to me to have 2FA implemented in Runbox webmail asap. Yes, please - 2FA on webmail FIRST - then think about IMAP, etc. I have multiple accounts with Runbox - and other providers that do currently offer 2FA. I sincerely like the Runbox product, but would have to seriously consider my loyalty when time comes to renew accounts. And if you want any beta testers for 2FA, do PM me - and soon? |
|
19 Apr 2014, 01:24 AM | #20 |
Essential Contributor
Join Date: Dec 2012
Posts: 343
|
Common sense protects all the mails!!!
Last edited by emebrs : 19 Apr 2014 at 01:26 AM. Reason: Word |
19 Apr 2014, 01:44 AM | #21 |
Cornerstone of the Community
Join Date: Nov 2008
Location: UK
Posts: 549
Representative of:
Runbox.com |
Of course
Going off topic a little, but one issue is getting people to understand what makes a good password. Whilst this is a strong password, 3TytYOBOh2zAo1u the one featured in this XKCD cartoon is arguably better http://xkcd.com/936/ and easier to remember. However, it isn't immediately obvious to everyone why these are secure, and both are secure for slightly different reasons. As mentioned before, 2FA protects against a different issue as well, that your password is compromised by malware on your computer, or some kind of hacking. That in itself is a reason why us implementing 2FA is important. |
19 Apr 2014, 02:42 AM | #22 |
Essential Contributor
Join Date: Dec 2012
Posts: 343
|
|
19 Apr 2014, 02:02 PM | #23 |
Essential Contributor
Join Date: Oct 2013
Posts: 413
|
We must know that sooner or later we could get malware in our computers, and today itīs easier than ever, even browsing some websites. So even with a good password our email can be compromised. We need 2FA asap.
|