|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
5 Oct 2016, 02:05 PM | #1 |
Junior Member
Join Date: Mar 2007
Posts: 25
|
No more master password = more security?
Today I had to change from the standard and master account system of Fastmail to the new 'enhanced' security system and really do not understand what the advantage is.
We run a little hotel with reception, administration, maintenance and restaurant using mail accounts in FastMail. All departments used Fastmail for their daily tasks, without any problems. The only area nobody could touch was the configuration and admin stuff, that was only accessible with the master password. Now since all have the same password everybody can mess around in these areas! Everybody can
- change the account password,
- remove the account recovery email address,
- purge mails and delete BCC configurations I used to send copies of mails to a remote mail account for email archiving,
- change credit card information, mess around with pop links and personalities...

I really do not see the improvement in security with this system. Probably I didn't get it right or there are methods to achieve the same security as I had with a very simple system. I would be happy if somebody could give me a hint how I could achieve the same security level with separated standard and admin areas in the new system configuration.

best regards
Andreas |
5 Oct 2016, 02:20 PM | #2 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Sorry I can't help you much but the new security system was not compulsory, so perhaps see if you can go back to what you had or wait for someone with a few brains to help you sort it out.
|
5 Oct 2016, 04:37 PM | #3 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
There are good and bad aspects to the new system. You are pointing out one of the weak areas, where it has not been well thought out.
As you have pointed out, there is often a need to distinguish between user and administrative use of accounts. You can now achieve a clear distinction if you prevent your users from having access to the web interface, forcing them to use an external mail client such as Thunderbird. Actually, security is now much better than before if you take that approach. Unfortunately, there is much less control when the user is given the password allowing access to the web interface.

There are many ways of configuring an email system with separation of administrative and user functions in the web client. In the past, Fastmail did this imperfectly with a combination of the Master account and alternate passwords. They now do it worse, with the alternate passwords allowing limited access having been eliminated. Some functions are limited to the Master account but, as you point out, the user is allowed to do things that many administrators want to restrict.

One of Fastmail's strengths is its web client. However, if you want to maintain full administrative control, you will need to prevent your staff from having access to it, and mandate exclusive use of external mail clients with application passwords instead. |
5 Oct 2016, 06:17 PM | #4 |
Member
Join Date: Jan 2008
Posts: 34
|
Another solution could be to create a second account. The inbox or any other folder could then be shared between the administrative and user account.
Unfortunately, this doubles the cost. On the plus side: The second account could also use the enhanced security options like 2FA. Last edited by Cox : 5 Oct 2016 at 06:19 PM. Reason: Security benefit for second account |
6 Oct 2016, 09:06 AM | #5 | |
Junior Member
Join Date: Mar 2007
Posts: 25
|
Quote:
Thank you for your reply. This looks interesting. I think best would be to open a business account with at least 2 users. At the moment we have an enhanced account + extra storage, currently using 32GB. Do you know if a standard business account with two users would work to handle this amount of mail data? How does a shared mail folder count? Or do I have to take a professional account with 2 users? |
|
6 Oct 2016, 09:08 AM | #6 | |
Junior Member
Join Date: Mar 2007
Posts: 25
|
Quote:
No way back. |
|
6 Oct 2016, 03:10 PM | #7 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Strange....I am still not using the new system and I log in as normal...
Perhaps there is not an option to go back. This is a comment from Rob from Fastmail posted on this forum....It's not mandatory. If regular username & password works fine for you then you can continue do that. Last edited by Terry : 6 Oct 2016 at 03:30 PM. |
6 Oct 2016, 04:21 PM | #8 | |||
Member
Join Date: Jan 2008
Posts: 34
|
Quote:
Quote:
The documentation contains the following for the second option Quote:
This is still cheaper (3x 50 = 150 $) compared to two professional users (2x 90 =180 $). Hope this helps |
|||
6 Oct 2016, 04:34 PM | #9 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Quote:
|
|
6 Oct 2016, 04:49 PM | #10 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
Yes that is what I was referring to....nothing has changed in my account I am still using the old master password system....and it was not compulsory as I have already pointed out, but once you have moved to the 2 password system can you go back to the original master account password system? I don't think you can.
|
7 Oct 2016, 01:26 PM | #11 | |
Senior Member
Join Date: Oct 2003
Posts: 102
|
Quote:
|
|
13 Oct 2016, 06:24 AM | #12 | |
Junior Member
Join Date: Mar 2007
Posts: 25
|
Quote:
So for me it seemed that I had no choice... |
|
16 Oct 2016, 03:32 AM | #13 | |
Cornerstone of the Community
Join Date: Jun 2004
Posts: 743
|
Quote:
|
|