EmailDiscussions.com  

EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Old 5 Oct 2016, 02:05 PM   #1
daandi
Junior Member
 
Join Date: Mar 2007
Posts: 25
No more master password = more security?

Today I had to change from the standard and master account system of Fastmail to the new 'enhanced' security system and really do not understand what the advantage is.

We run a little hotel with reception, administration, maintenance and restaurant using mail accounts in FastMail. All departments used Fastmail for their daily tasks, without any problems. The only area nobody could touch was the configuration and admin stuff, that was only accessible with the master password.

Now since all have the same password everybody can mess around in these areas!

Everybody can
- change the account password,
- remove the account recovery email address,
- purge mails and delete the BCC configurations I used to send copies of mails to a remote mail account for email archiving,
- change credit card information, mess around with POP links and personalities...

I really do not see the improvement in security with this system. Probably I didn't get it right or there are methods to achieve the same security as I had with a very simple system.

I would be happy if somebody could give me a hint on how I could achieve the same security level, with separated standard and admin areas, in the new system configuration.

Best regards,
Andreas

Old 5 Oct 2016, 02:20 PM   #2
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 3,029
Sorry, I can't help you much, but the new security system was not compulsory, so perhaps see if you can go back to what you had, or wait for someone with a few brains to help you sort it out.
Old 5 Oct 2016, 04:37 PM   #3
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
There are good and bad aspects to the new system. You are pointing out one of the weak areas, where it has not been well thought out.

As you have pointed out, there is often a need to distinguish between user and administrative use of accounts. You can now achieve a clear distinction if you prevent your users from having access to the web interface, forcing them to use an external mail client such as Thunderbird. Actually, security is now much better than before if you take that approach. Unfortunately, there is much less control when the user is given the password allowing access to the web interface.

There are many ways of configuring an email system with separation of administrative and user functions in the web client. In the past, Fastmail did this imperfectly with a combination of the Master account and alternate passwords. They now do it worse, with the alternate passwords allowing limited access having been eliminated. Some functions are limited to the Master account but, as you point out, the user is allowed to do things that many administrators want to restrict.

One of Fastmail's strengths is its web client. However, if you want to maintain full administrative control, you will need to prevent your staff from having access to it, and mandate exclusive use of external mail clients with application passwords instead.
Old 5 Oct 2016, 06:17 PM   #4
Cox
Member
 
Join Date: Jan 2008
Posts: 34
Another solution could be to create a second account. The inbox or any other folder could then be shared between the administrative and user account.

Unfortunately, this doubles the cost. On the plus side: The second account could also use the enhanced security options like 2FA.

Last edited by Cox : 5 Oct 2016 at 06:19 PM. Reason: Security benefit for second account
Old 6 Oct 2016, 09:06 AM   #5
daandi
Junior Member
 
Join Date: Mar 2007
Posts: 25
Quote:
Originally Posted by Cox View Post
Another solution could be to create a second account. The inbox or any other folder could then be shared between the administrative and user account.

Unfortunately, this doubles the cost. On the plus side: The second account could also use the enhanced security options like 2FA.
@Cox
Thank you for your reply. This looks interesting. I think best would be to open a business account with at least 2 users.

At the moment we have an enhanced account + extra storage, currently using 32GB. Do you know if a standard business account with two users would work to handle this amount of mail data? How does a shared mail folder count?

Or do I have to take a professional account with 2 users?
Old 6 Oct 2016, 09:08 AM   #6
daandi
Junior Member
 
Join Date: Mar 2007
Posts: 25
Quote:
Originally Posted by Terry View Post
Sorry, I can't help you much, but the new security system was not compulsory, so perhaps see if you can go back to what you had, or wait for someone with a few brains to help you sort it out.
Hmmm ... for me it looked compulsory. We could not log in anymore as standard user ...
no way back.
Old 6 Oct 2016, 03:10 PM   #7
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 3,029
Strange... I am still not using the new system and I log in as normal...

Perhaps there is not an option to go back.

This is a comment from Rob from Fastmail posted on this forum: "It's not mandatory. If regular username & password works fine for you then you can continue to do that."

Last edited by Terry : 6 Oct 2016 at 03:30 PM.
Old 6 Oct 2016, 04:21 PM   #8
Cox
Member
 
Join Date: Jan 2008
Posts: 34
Quote:
Originally Posted by daandi View Post
At the moment we have an enhanced account + extra storage, currently using 32GB. Do you know if a standard business account with two users would work to handle this amount of mail data? How does a shared mail folder count?

Or do I have to take a professional account with 2 users?
The documentation states that

Quote:
All messages within a shared folder count towards the owner's mail quota.
I think you have two options:
  • Use the professional plan with 100 GB storage. As far as I know, account types cannot be mixed, so you would need two professional plan users.
  • Or you could use the standard with 25 GB per user and buy additional storage for the administrative user.

The documentation contains the following for the second option

Quote:
Storage space comes in a multiple of the original plan allocation, up to a maximum of 300 GB. Each time you add email storage, you're adding the equivalent cost of an additional user to your account.
So you would need a total of three standard users (two for the administrative user and one for your unprivileged users).

This is still cheaper (3 × 50 = $150) compared to two professional users (2 × 90 = $180).

Hope this helps.
Old 6 Oct 2016, 04:34 PM   #9
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
Quote:
Originally Posted by Terry View Post
Strange... I am still not using the new system and I log in as normal...

Perhaps there is not an option to go back.

This is a comment from Rob from Fastmail posted on this forum: "It's not mandatory. If regular username & password works fine for you then you can continue to do that."
What Rob was referring to was the master password, and he is indicating that people using mail.messagingengine.com with the master password would be allowed to continue doing so, not forced to use app passwords. Eliminating the alternate passwords with reduced rights for web login was always the plan.
Old 6 Oct 2016, 04:49 PM   #10
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 3,029
Yes, that is what I was referring to... nothing has changed in my account; I am still using the old master password system... and it was not compulsory, as I have already pointed out. But once you have moved to the two-password system, can you go back to the original master account password system? I don't think you can.
Old 7 Oct 2016, 01:26 PM   #11
IanO
Senior Member
 
Join Date: Oct 2003
Posts: 102
Quote:
Originally Posted by BritTim View Post
There are good and bad aspects to the new system. You are pointing out one of the weak areas, where it has not been well thought out.

As you have pointed out, there is often a need to distinguish between user and administrative use of accounts. You can now achieve a clear distinction if you prevent your users from having access to the web interface, forcing them to use an external mail client such as Thunderbird. Actually, security is now much better than before if you take that approach. Unfortunately, there is much less control when the user is given the password allowing access to the web interface.

There are many ways of configuring an email system with separation of administrative and user functions in the web client. In the past, Fastmail did this imperfectly with a combination of the Master account and alternate passwords. They now do it worse, with the alternate passwords allowing limited access having been eliminated. Some functions are limited to the Master account but, as you point out, the user is allowed to do things that many administrators want to restrict.

One of Fastmail's strengths is its web client. However, if you want to maintain full administrative control, you will need to prevent your staff from having access to it, and mandate exclusive use of external mail clients with application passwords instead.
Great summary. I was a fan of alternate passwords as this allowed me a really strong password that I don't even remember (I use KeePass) and an easily remembered alternate one that I could use anywhere without compromising administrative access. I can no longer do that.
Old 13 Oct 2016, 06:24 AM   #12
daandi
Junior Member
 
Join Date: Mar 2007
Posts: 25
Quote:
Originally Posted by Terry View Post
Yes, that is what I was referring to... nothing has changed in my account; I am still using the old master password system... and it was not compulsory, as I have already pointed out. But once you have moved to the two-password system, can you go back to the original master account password system? I don't think you can.
My standard password did not work any more since the first days of October. I did not change to the two-step verification (2FA). I did not change anything.

So for me it seemed that I had no choice...
Old 16 Oct 2016, 03:32 AM   #13
placebo
Cornerstone of the Community
 
Join Date: Jun 2004
Posts: 743
Quote:
Originally Posted by Terry View Post
Yes, that is what I was referring to... nothing has changed in my account; I am still using the old master password system... and it was not compulsory, as I have already pointed out. But once you have moved to the two-password system, can you go back to the original master account password system? I don't think you can.
The Password & Security page says that removing all of the trusted devices turns off two-step verification. I'd try it out, but I don't want to go through the hassle of setting everything up again afterward.