|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
26 Jul 2016, 05:21 AM | #181 | |
Junior Member
Join Date: Nov 2012
Posts: 11
|
Quote:
And it's also hard to understand the justification for everyone doing it (look at the top of this page). You can either make (providers hope the bulk of their) users check a box one time, or you can alienate your other users every time they log in. I've unsubscribed to the NYTimes for this reason alone. |
|
26 Jul 2016, 05:28 AM | #182 |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
Just stop syncing. The password will no longer work, so logins with that password will fail. That's all it does.
|
26 Jul 2016, 06:05 AM | #183 | |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Quote:
It all depends on the technology and the app. There's no way to delete offline access to things in some apps, without deleting the app, which means having direct contact to the device. Sorry, you probably wanted more detailed information. |
|
26 Jul 2016, 06:21 AM | #184 |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
|
26 Jul 2016, 06:26 AM | #185 |
Junior Member
Join Date: Jul 2009
Posts: 19
|
You can combine the two and use Yubico Authenticator. The TOTP credentials are kept on the Yubikey, so it is portable, and with some planning, you can have the same credentials on several Yubikeys.
|
26 Jul 2016, 06:39 AM | #186 |
Junior Member
Join Date: Jul 2016
Posts: 9
|
|
26 Jul 2016, 06:47 AM | #187 |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
If you're referring to the checkbox that says "Don't require two-step verification again on this device", she'd never have to check it. It's checked by default. (Wasn't that the whole point of this exhaustive discussion?)
|
26 Jul 2016, 08:05 AM | #188 |
Junior Member
Join Date: Jul 2016
Posts: 9
|
Makes me wonder if Fastmail piloted the upgrade before implementing it.
|
26 Jul 2016, 08:16 AM | #189 |
Senior Member
Join Date: Oct 2013
Posts: 100
|
The way FM does it is better for most people but at every other service on the net you have to tick the box. Nevertheless a minuscule issue IMHO. Just untick the box.
|
26 Jul 2016, 09:10 AM | #190 |
Master of the @
Join Date: Nov 2002
Location: Canada
Posts: 1,015
|
|
26 Jul 2016, 04:09 PM | #191 |
Member
Join Date: Jul 2016
Posts: 42
|
The SMS system isn't secure anyway
I'm like the person earlier in the thread who had an Alternative Login setup for his kids except that mine isn't for kids but it is a similar situation. I've got till the 31st of August to replace our configuration or just give the users full access to an account that they didn't have before and we definitely don't want to give them. In fact we wouldn't have paid for Fastmail accounts for this project if we had prior knowledge of these changes. Fastmail have suggested that I set up shared folders instead but I can't see how that's going to help unless I move the users off the web interface and give them just SMTP / IMAP logins but to do that I'll probably have to visit each one in person in order to set things up, which isn't very practical for me.
All this headache is part of a move to a new security setup which sounds like it's based very much on 2FA using SMS to your mobile phone. There's an elephant in that room that I've not seen anyone here mention: the SMS system is part of the telephone network. Any IT security specialist should know that this is not secure. I'm on holiday and don't have the details with me but there are well-known flaws in the SMS system that can be exploited to intercept and redirect SMS messages to another phone. It may be unlikely but you cannot be 100% safe using SMS as a second authentication factor. My point is that Fastmail are taking away some functionality that people use and rely on and replacing it with something that isn't necessarily better. Their excuse is that not many people use it, their suggested alternatives are flimsy and their communication on these matters has not been good (some of my users have even been sent long technical mails written in English, which they wouldn't understand even if they spoke English). I wish they would reconsider removing Alternative Logins on the 31st August and give us a few more months to work out alternative solutions. |
26 Jul 2016, 09:17 PM | #192 | |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Quote:
|
|
26 Jul 2016, 11:32 PM | #193 |
Member
Join Date: Nov 2010
Posts: 75
|
I agree with Nudge above... there should be more time to sort everything out. I'm having a stressful week of work and now I have to totally rethink my security strategy for my email on top of it. I can't imagine how this would be if I was on vacation!
Wish I could say I was surprised by all this, but being a longtime Fastmail user I kind of expect quick radical changes with little notice. I've wanted to recommend Fastmail to other people before, but it's situations like this that keep me from doing so. Fastmail has reduced an ice cream shop full of all kinds of flavors to basically two: Use a master password or use 2 factor auth. The former leaves you at risk to keyloggers and man in the middle attacks, while the latter just basically takes more time & effort to implement. I know that for most people having just two options will work, but those other flavors being available were a HUGE value add to some of us. |
27 Jul 2016, 01:06 AM | #194 |
Essential Contributor
Join Date: Oct 2004
Location: Baltimore, MD Suburbs (US)
Posts: 237
|
So after all this discussion, the US NIST (National Institute of Standards and Technology) dropped this today (or yesterday, I was only sent the article today).
"NIST declares the age of SMS-based 2-factor authentication over" https://techcrunch.com/2016/07/25/ni...tication-over/ |
27 Jul 2016, 01:20 AM | #195 | |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Quote:
The alternative is to use a dedicated 2FA app like Google Authenticator or RSA SecurID, or a dedicated secure device like a dongle. There are plenty of options — SMS was just the easy one. If you notice, the Google App is one of the options for 2 factor under Passwords and Security for Fastmail. Fastmail is implementing the latest method of 2FA |
|