FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
25 Jul 2016, 05:58 PM | #1 |
Cornerstone of the Community
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
|
Adding recovery phone
Hi,
Is anyone else (in the UK) having a problem setting this up? I am not getting the confirmation text and have tried several times. ...I ask because my mobile reception isn't great but I currently have 1 bar. J. |
25 Jul 2016, 06:01 PM | #2 |
Cornerstone of the Community
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
|
OK, it eventually came through - took more like 5 minutes and only after the 5th attempt
|
25 Jul 2016, 06:02 PM | #3 | |
Member
Join Date: Dec 2005
Posts: 88
|
Quote:
Edit: Looks like you received your text message while I was posting. |
|
25 Jul 2016, 06:03 PM | #4 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
AU is a long way away....
|
25 Jul 2016, 06:05 PM | #5 |
Cornerstone of the Community
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
|
|
25 Jul 2016, 06:12 PM | #6 | |
Cornerstone of the Community
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
|
Quote:
(...adding more text so my reply is long enough...) |
|
25 Jul 2016, 06:18 PM | #7 |
Essential Contributor
Join Date: Jul 2013
Location: Germany
Posts: 251
|
I've had no problems setting up the recovery phone, it took just a few seconds to get the verification code.
What seems to be unfavorable to me is that the code is written at the beginning of the text message. So on an iPhone for example you can read the code from the preview in the lock screen without having to unlock your phone. I haven't tried this yet, but if the text for resetting your account password looks the same, this would be a security risk, wouldn't it? |
25 Jul 2016, 06:29 PM | #8 | |
Cornerstone of the Community
Join Date: Jan 2003
Location: Oxfordshire, UK
Posts: 603
|
Quote:
|
|
27 Jul 2016, 02:52 PM | #9 | |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Quote:
I wouldn't consider that a problem, unless you leave your 'phone lying around for all and sundry to pick up and look at. In that case, you are probably more of a security risk. If you don't trust the text message option, you could request the code be sent to an e-mail address instead. |
|
27 Jul 2016, 03:23 PM | #10 |
Essential Contributor
Join Date: Jul 2013
Location: Germany
Posts: 251
|
I know that case is very unlikely – I just thought it would be very simple to avoid that ‘leak’ by putting the security code at the end of the text message. And of course that's only for iOS devices, I don't know how Android or other OSes or devices are dealing with text previews. So, everything's fine, don't bother.
|
27 Jul 2016, 03:26 PM | #11 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
|
27 Jul 2016, 04:00 PM | #12 |
Essential Contributor
Join Date: Oct 2008
Posts: 212
|
I actually think it's pretty handy to have the code appear near the beginning of the text message and appear on the lock screen.
1) When I'm in a rush logging in to any of my 2FA services/accounts, I don't need to unlock the phone. 2) Rare case: I actually got locked out of my phone once (eventually needed to wipe and reinstall everything) -- and I couldn't access my text messages but needed urgently to login to 1 of my 2FA accounts. That lock screen showing my first several characters of the message -- and the entire 2FA code -- helped me get in (this was a non-FM account). |
27 Jul 2016, 04:21 PM | #13 |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
The code appears at the start for two main reasons. One is so that it's quickly visible in a phone UI that only presents the first part of the message, and so the entire message can be pasted into the form - we only take the first six characters.
It's impossible for us to predict if and where an individual display will truncate the message. On my particular flavour of Android phone, I can expand the notification on the lock screen to see the entire message, without unlocking the phone. If it really bothered me, my phone has an option to not show message text on the lock screen. Yours probably does too. As an attacker, knowing the code doesn't get you anything though. The code itself is tied to the login session that initiated it - it won't work elsewhere. It's also only valid for a short amount of time. |
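The properties described in post #13 (code bound to the requesting login session, short lifetime, only the first six characters of the pasted message used), sketched as an added example that is not part of the thread and not Fastmail's code. The class and method names, the 300-second lifetime, the attempt limit and the message wording are assumptions.

```python
import hmac
import secrets
import time

CODE_LEN = 6            # the post says only the first six characters are used
CODE_TTL_SECONDS = 300  # assumed lifetime; the post only says "a short amount of time"
MAX_ATTEMPTS = 5        # assumed guess limit, not stated in the thread


class SmsCodeStore:
    """In-memory store of pending codes, keyed by the session that requested them."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # session_id -> [code, expires_at, attempts_left]

    def issue(self, session_id):
        """Create a code for this session and return the SMS body, code first."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_LEN))
        self._pending[session_id] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return f"{code} is your verification code."  # constructed message text

    def verify(self, session_id, pasted):
        """Accept the whole pasted SMS; only its first six characters are compared."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # no code was requested from this session
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[session_id]  # expired or guessed too often
            return False
        entry[2] -= 1
        candidate = pasted.strip()[:CODE_LEN]
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(candidate.encode(), code.encode()):
            del self._pending[session_id]  # single use
            return True
        return False
```

A code read off a lock screen is rejected when submitted from any session other than the one that requested it, which is the property the post relies on.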
27 Jul 2016, 04:52 PM | #14 |
Essential Contributor
Join Date: Jul 2013
Location: Germany
Posts: 251
|
Thanks Rob, but I wasn't talking about 2FA but about the Account Recovery feature. With the SMS code I could quickly reset the main account password and then delete all app passwords. Or did I get the recovery process wrong?
|
27 Jul 2016, 05:13 PM | #15 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Edit......
Last edited by Terry : 27 Jul 2016 at 08:59 PM. |