|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
22 Nov 2014, 03:56 AM | #1 |
Junior Member
Join Date: Oct 2013
Posts: 8
|
Add support for U2F Security Key
It would be great to see FastMail support the new U2F standard. https://www.yubico.com/products/yubi...-security-key/.
Raul |
22 Nov 2014, 09:50 AM | #2 |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
agreed +1!
|
26 Nov 2014, 01:47 AM | #3 |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
It should be noted only the Chrome browser supports the U2F Security Key. Adding support in FireFox has non-trivial challenges.
https://bugzilla.mozilla.org/show_bug.cgi?id=1065729 |
26 Nov 2014, 02:50 AM | #4 |
Essential Contributor
Join Date: Jun 2009
Posts: 340
|
related question: does Fastmail support 2FA using a token that is non-USB (and not a smartphone)? Eg a token that generates a number when you press a button, or where the number gets refreshed every 30 seconds.
|
26 Nov 2014, 04:43 AM | #5 | |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
Quote:
https://www.fastmail.com/help/account/2fa.html -- The token/app has to have the ability to import the secret code FastMail generates for your account, as described in the help link. Last edited by pjwalsh : 26 Nov 2014 at 04:54 AM. |
|
27 Nov 2014, 03:24 AM | #6 |
Essential Contributor
Join Date: Jun 2009
Posts: 340
|
I also think such a token makes sense, but I have never been able to find where I can buy it. If you know, do you mind to post a link?
|
27 Nov 2014, 04:06 AM | #7 |
Essential Contributor
Join Date: Mar 2014
Posts: 212
|
Background article:
https://lwn.net/Articles/607652/ |
27 Nov 2014, 05:33 AM | #8 | |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
Quote:
If you're willing to buy a hardware token for the purpose of 2FA FastMail login, you'd be better off getting a YubiKey. The price would be comparable, and the security better. A YubiKey can be used for LastPass as well. https://www.yubico.com/products/yubi...are/yubikey-2/ You specify 'not a smartphone'. If you carry a cell phone which is J2ME capable (most are), here is a simple OATH-TOTP java app that will serve the purpose, without you having to buy something new. I've used it. https://code.google.com/p/lwuitgauthj2me/ https://en.wikipedia.org/wiki/Google_Authenticator https://en.wikipedia.org/wiki/Securi..._device_tokens Last edited by pjwalsh : 27 Nov 2014 at 06:11 AM. |
|
27 Nov 2014, 02:02 PM | #9 | |
Essential Contributor
Join Date: Jun 2009
Posts: 340
|
Quote:
So the question remains if there is non-USB, non-smartphone token that is compatible with FastMail? |
|
27 Nov 2014, 09:58 PM | #10 |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
I answered that, 3rd paragraph. And if you are using an iPad, there are OATH-TOTP apps.
|
27 Nov 2014, 11:41 PM | #11 |
Senior Member
Join Date: Oct 2013
Posts: 100
|
If you don't login too often, SMS passwords (0.12 USD per SMS) are worth considering as well.
|
28 Nov 2014, 04:44 AM | #12 | |
Essential Contributor
Join Date: Jun 2009
Posts: 340
|
Quote:
Also I consider a "J2ME capable cellphone" a smartphone. On my old-school phone (with >2weeks battery life) I cannot install (java) apps Anyway, if someone knows a OATH-TOTP compatible token, I would be interested to hear about it |
|
30 Nov 2014, 04:59 AM | #13 |
Essential Contributor
Join Date: Mar 2014
Posts: 212
|
So, got a Yubico U2F USB stick. Tested with Google Apps, works terrific! Much nicer than TOTP, and probably more secure (since a smartphone compromise would compromise TOTP and could compromise a password database, compared to a secure element in the U2F key).
|
30 Nov 2014, 01:08 PM | #14 |
Essential Contributor
Join Date: Mar 2002
Location: Wicklow, Ireland
Posts: 449
|
The Yubikey NEO doesn't necessarily need USB. It supports NFC and mifare.
|
2 Dec 2014, 02:57 AM | #15 | |
Essential Contributor
Join Date: Dec 2008
Location: Canada
Posts: 312
|
Quote:
https://www.yubico.com/2014/11/speci...n-living-color - the tri-colour set with the cross emblem on the disc is the OTP+U2F key |
|