EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Email Comments, Questions and Miscellaneous
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere.

Reply
 
Thread Tools
Old 12 Apr 2019, 06:59 AM   #1
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 485
So many providers without 2FA?

I happened to purchase a new domain the other day and decided to try a free trial of the domain registrar's hosted email. Easy to set up, not bad webmail, inexpensive, but no 2-factor authentication. It got me to thinking how 2FA is an absolute must-have in today's email world. Then I started looking around and I noticed a fair number of other services lack 2FA. Migadu email is one that has interested me and I might be willing to give it a whirl, but it lacks the basic, required functionality of 2FA. Outside of email I would never dream of using an ATM card that didn't include PIN protection, or an investment or bank account without 2FA. Email is of similar security importance. What are these companies thinking?
TenFour is offline   Reply With Quote

Old 12 Apr 2019, 08:46 PM   #2
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,177
Quote:
Originally Posted by TenFour View Post
I happened to purchase a new domain the other day and decided to try a free trial of the domain registrar's hosted email.
I have a few domains hosted with Gandi, so I could take advantage of their free webmail:

https://www.gandi.net/en/domain/email?country=US

There is a downside here also, in that 2FA isn't currently available, although it has been pointed out to me previously here in the forum that with 2FA on your domain account, you do have some measure of control to help prevent a hijacking. Probably the best way is to have an outrageously long complicated password to help protect the e-mail account.
FredOnline is offline   Reply With Quote
Old 12 Apr 2019, 08:52 PM   #3
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 485
The problem isn't password guessing or brute force attacks. Most account hacking is due to phishing and stolen passwords. Without 2FA it doesn't matter how strong your password is if they have it. I would be wary of any email service that doesn't include 2FA, because it shows they don't take your security seriously. I wonder how careful they are in storing all those passwords too?
TenFour is offline   Reply With Quote
Old 23 Apr 2019, 12:11 AM   #4
SideshowBob
Member
 
Join Date: Jan 2017
Posts: 39
Quote:
Originally Posted by TenFour View Post
The problem isn't password guessing or brute force attacks. Most account hacking is due to phishing and stolen passwords. Without 2FA it doesn't matter how strong your password is if they have it. I would be wary of any email service that doesn't include 2FA, because it shows they don't take your security seriously. I wonder how careful they are in storing all those passwords too?
My understanding is that they don't store passwords, they store salted-hashes. If an attacker gains access to a database that stores this information, they can only get the weaker passwords. Once they have a list of username/weak password pairs, they can try the same or similar combinations on other online services.
SideshowBob is offline   Reply With Quote
Old 23 Apr 2019, 12:17 AM   #5
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 485
Quote:
My understanding is that they don't store passwords, they store salted-hashes.
I'm sure the good ones do, but how do you know how careful they are? On the other hand, I once worked for a large email service provider and I could access almost all customer data in plain text very easily. I wouldn't be surprised at all if security was not the best at many providers.
TenFour is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 02:59 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy