EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 19 Nov 2022, 06:41 AM   #1
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,966
No password lock on Aliases now

I don't have a password lock on my Aliases, support claim its when you save but no password on my saves.
Terry is offline   Reply With Quote

Old 19 Nov 2022, 11:28 PM   #2
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 412
(Using FM's normal web interface, not the beta, with an uptodate copy of Firefox, no ad- or script-blockers.)

I don't have a personal domain hosted by FM, just use one of their umpteen generic ones.

I just added an alias and there was no password prompt.

But then, adding an alias isn't a security issue. It just gave me one more address to which I can have emails for me sent.

I then tried setting some of the "advanced" options, and none of those produced a password prompt either. Arguably, some of those might be things you'd not want someone else to do - eg rejecting any mails sent to that alias.

I then tried deleting the alias - and that also didn't cause a password prompt.

On the other hand, their system also knows that this test alias has never had any emails sent to it ... so maybe that also reduces the need for a password prompt.
JeremyNicoll is offline   Reply With Quote
Old 20 Nov 2022, 01:33 AM   #3
aoeuaoeu
Member
 
Join Date: Jan 2009
Posts: 50
Quote:
Originally Posted by JeremyNicoll View Post
(Using FM's normal web interface, not the beta, with an uptodate copy of Firefox, no ad- or script-blockers.)

I don't have a personal domain hosted by FM, just use one of their umpteen generic ones.

I just added an alias and there was no password prompt.

But then, adding an alias isn't a security issue. It just gave me one more address to which I can have emails for me sent.

I then tried setting some of the "advanced" options, and none of those produced a password prompt either. Arguably, some of those might be things you'd not want someone else to do - eg rejecting any mails sent to that alias.

I then tried deleting the alias - and that also didn't cause a password prompt.

On the other hand, their system also knows that this test alias has never had any emails sent to it ... so maybe that also reduces the need for a password prompt.
With plenty of respect and with plenty appreciation for this thoughtful post: I think you're giving Fastmail more credit than it's due! Seems to me the password-policy changes of late are just plain weird. As we all know Fastmail will soon require password for Sieve `fileinto` changes. Fastmail knows about the details of Sieve changes just like it knows about the activity of each alias. No rhyme or reason, I say.
aoeuaoeu is offline   Reply With Quote
Old 20 Nov 2022, 08:55 AM   #4
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,966
Fastmails reply

Thanks for following up with us, I'm happy to clarify what has happened here.
Recently, we made a few changes to how we deal with security in your account.
Previously, there was a password box at the top of your Settings → Users & Aliases page which you had to put your password in before any actions were taken on the page.
Now, we have a pop up box that asks you for your password when performing specific actions.
However, if it's within 30 minutes of logging into your account, as you have already put your password in to log in, we consider that enough to be able to make these kinds of changes to your account.
Once that 30 minutes has passed, if you try to make these kinds of changes, you will be once again asked to input your password.
Please feel free to contact us again if you have any other questions or concerns. We're here to help.

But what if someone hacks my account, set up an alias so they get a copy of my emails.....and then log out.
I would have no idea as I don't check my aliases every day.

Why the hell change something that was working ok ????
Terry is offline   Reply With Quote
Old 21 Nov 2022, 04:41 AM   #5
aoeuaoeu
Member
 
Join Date: Jan 2009
Posts: 50
Thank you for this info!

Banners for easy-to-overlook changes would go a long way!

I agree 100% with the 'it was working ok' thinking!

These changes feel so darn backwards.
aoeuaoeu is offline   Reply With Quote
Old 21 Nov 2022, 04:36 PM   #6
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,966
Just Unprofessional.....as it could be a security risk.
Terry is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 10:26 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy