FastMail

2FA




Using two-step verification (2FA)
<p>Two-step verification increases the security of your account by requiring two steps - your password plus an additional security step - in order to log in to your account. We support two-step verification with either an app on your phone, a dedicated security device that plugs into your computer, or a code sent by SMS.</p>
<p>You might have heard of two-step verification being called "two-factor authentication" or "2FA".</p>
<p>It is not required to be set up on your account, but it is recommended if you want additional security.</p>
Why should I use two-step verification?
<p>In an ideal world, all passwords would be a secret. But the more a password is used, the more exposed it becomes to malicious attackers. They might try to steal it (through phishing or malware/spyware), or guess it (through brute force or repeated dictionary attacks).</p>
<p>With two-step verification, if someone does manage to steal your password, they still can't use it to log in to your account without your verification device.</p>
How to set up two-step verification
General Setup Instructions
<ol>
<li>Open the Settings → Password &amp; Security screen.</li>
<li>If this is your first time enabling two-step verification for this account, you must add a recovery phone to your account (see "Account Recovery Credentials" below).</li>
<li>If you have a recovery phone on your account, go to the Two-Step Verification section and click <strong>Add</strong>.</li>
<li>Click <strong>Set Up Two-Step Verification</strong>.</li>
<li>Select which kind of verification device you're adding to your account.
Skip to the "Authenticator App" or "U2F or YubiKey OTP" section below for instructions on adding your verification device.</li>
</ol>
Account Recovery Credentials
<p>To help make sure that you are not locked out of your own account, before you can enable two-step verification, you must add a recovery phone to your account. If you ever lose access to your primary form of two-step verification, your recovery phone can be used to prevent you from being locked out of your account. Instead, a code is sent to your phone to complete the second step when you log in.</p>
<ol>
<li>From the Settings → Password &amp; Security screen, go to the Account Recovery section and click <strong>Add</strong>. Enter your password in the yellow box and click <strong>Unlock</strong> to allow changes on this page.</li>
<li>Click <strong>Add Recovery Phone</strong> to add a recovery phone number to your account.</li>
<li>Enter your phone number and click <strong>Send Verification Code</strong>. Clicking this button will send a verification code to your recovery phone.</li>
<li>Once you've received your verification code, enter the code and click <strong>Verify</strong>. This will add your recovery phone to your account.</li>
<li>A confirmation screen will appear. Click <strong>Done</strong> to return to the Password &amp; Security screen.</li>
</ol>
<p>On the Account Recovery screen, you can also see your recovery code, which is randomly generated for your account. If you forget your password or lose your security device, you can use the recovery code as part of the recovery process to reset your password and restore access to your account.
We <strong>strongly recommend</strong> writing down or printing out your recovery code and keeping it somewhere safe.</p>
Authenticator app
<ol>
<li>Once you've installed the authenticator app on your phone or tablet, choose to <strong>add a new account</strong>.</li>
<li>Use your device's camera to <strong>scan the QR code</strong> on the screen. (Or manually type the key shown on the screen into the authenticator app.) If you're setting up an OTP device, select "Set a custom key" and enter the key that came with your device.</li>
<li><strong>Enter the 6-digit code</strong> the app gives you into the Fastmail web interface.</li>
<li><strong>Name this device</strong> so you can keep track of your verification devices and remove them if needed in the future.</li>
</ol>
U2F or YubiKey OTP
<ol>
<li><strong>Insert the device</strong> into the USB port on your computer.</li>
<li><strong>Touch the button</strong> on the device once it lights up.</li>
<li><strong>Name this device</strong> so you can keep track of your verification devices and remove them if needed in the future.</li>
</ol>
How to log in with two-step verification
<p>Start by navigating to our login page, then:</p>
<ol>
<li>Enter your username and your password. Click <strong>Log In</strong>.</li>
<li>Enter the current <strong>verification code</strong> from your authenticator app or OTP device, or plug in your security key and touch the button if it has one. If you have more than one two-step method on your account, you can switch methods using the links under the login box.</li>
<li>You can also declare this computer as trusted, which means you don't need to use two-step verification again when logging in on that computer.</li>
</ol>
<p>If you're using an authenticator app on a phone or through the website, and you use 1Password to manage your passwords, we have detailed instructions on using them together.
(Fastmail iOS/Android apps, Fastmail web client).</p>
<p>If you'd like to revoke a computer's trusted status, you can also do that on the Password &amp; Security screen: the next time you log in on that device, you will need to re-authenticate using your 2FA.</p>
How to set up a client when using two-step verification
<p>Other than the Fastmail apps, mail and calendar programs and phone/tablet apps don't support two-step verification.</p>
<p>You'll need to set up app passwords for each device instead.</p>
Why do I have to add a recovery phone number to set up two-step verification?
<p>Keeping your account safe from attackers is very important, but so is making sure you don't get locked out of your own account. Requiring a phone as a backup option balances security (no one else can read your data) and availability (you can read your data). For most users, the risk of losing their two-step verification device is far greater than the risk of someone hacking their SMS. If you lose your phone, the TOTP key is lost, but normally you can get a new SIM card with the same number from your carrier.</p>
<p>Please note, if two-step verification is enabled, access to the phone number itself is not sufficient to gain access to an account: you still need two factors (your password AND the SMS).</p>
<p>Users who accept the risk of being locked out of their account may remove the recovery phone number from their account after two-step verification has been enabled. <strong>Once the phone number is removed from the account, SMS is no longer an option as the second factor for verification.</strong> If you choose to do this, we <strong>strongly recommend</strong> you write down or print your recovery code and store it in a safe location, and that you set up at least two security keys or authenticator devices.
Should you lose access to all two-step verification devices and not have your recovery code, <strong>you may be permanently locked out of your own account.</strong></p>
Which one is right for me?
<ul>
<li><strong>Authenticator app</strong>
  <ul>
  <li>An app is installed on your phone and randomly generates codes for you.</li>
  <li>The code needs to be typed when logging in.</li>
  <li>Free to download.</li>
  <li><em>Good if you're new to two-step verification</em>.</li>
  </ul>
</li>
<li><strong>Security key (WebAuthn/U2F)</strong>
  <ul>
  <li>The most secure option: protects you against phishing.</li>
  <li>Requires a hardware device.</li>
  <li>No code typing required.</li>
  <li>Domain-specific: can be used to log in at www.fastmail.com, but not beta.fastmail.com.</li>
  <li><em>Good if you want the best security and ease of use</em>.</li>
  </ul>
</li>
<li><strong>YubiKey OTP</strong>
  <ul>
  <li>Requires a hardware device.</li>
  <li>No code typing required.</li>
  <li><em>This is a legacy security key format. There is no reason to use this unless you have an old key that does not support U2F authentication.</em></li>
  </ul>
</li>
<li><strong>Security device: OTP</strong>
  <ul>
  <li>Requires a hardware device.</li>
  <li>The code needs to be typed when logging in.</li>
  <li>Does not require a mobile device or USB port.</li>
  <li><em>Good if you can't use an authenticator app and can't plug a device into a computer</em>.</li>
  </ul>
</li>
<li><strong>SMS code</strong>
  <ul>
  <li>A code is sent to your phone via text message.</li>
  <li>Free.</li>
  <li>The code needs to be typed when logging in.</li>
  <li><em>SMS can be used as a backup mechanism in case you lose your security device. This can only be used if you already have two-step verification enabled through an authenticator app or security device.</em></li>
  </ul>
</li>
</ul>
<p>You can have more than one two-step verification device on your account.</p>
Authenticator apps
<p>Not sure which authenticator app to use?
We recommend:</p>
<ul>
<li>iPhone: Google Authenticator, Authy or Duo Mobile</li>
<li>Android: Google Authenticator, Authy or Duo Mobile</li>
</ul>
<p>If you have a different phone, you may still be able to use TOTP. Any app supporting Time-based One-Time Password (TOTP) from the Initiative for Open Authentication (OATH) as specified in RFC 6238 should work.</p>
<p><strong>Note</strong>: Neither the Google Authenticator app nor our server implementation is specific to Google in any way, nor does it ever communicate with Google systems as part of its operation (or with any other system). "Google Authenticator" is the name of Google's TOTP app, which has become synonymous with the authentication method itself.</p>
U2F and YubiKey OTP security keys
<p>We have tested with a variety of different security keys, and any key that supports U2F should work. We do recommend YubiKey, as in our experience these have the best build quality, a slim profile, and are reliable. You can buy one from the Yubico store or via Amazon.</p>
OTP devices
<p>Many manufacturers are now selling standalone OTP devices, often in a credit card or key fob form-factor. We've tested with Feitian c200 devices, but any device implementing the TOTP standard should work. We support devices with HEX or BASE32-encoded keys with a 30- or 60-second time step. If your particular device doesn't work, please let us know the make and model of the device and we'll look into adding support for it.</p>
<p>When adding these devices to your account, use the <strong>"Authenticator App"</strong> option. This is because OTP devices use the same mechanism (TOTP) as authenticator apps described above.</p>
How do authenticator apps and security keys work?
<p>Interested in what's happening under the hood to keep you safe?
Learn more about how TOTP works, how U2F works, or how YubiKey OTP works.</p>
Fastmail security principles
<p>We take security seriously at Fastmail and design our systems to improve the confidentiality, availability, and integrity of our customers' data. The user login process and account recovery process are a particularly important part of our security.</p>
<p>When you turn on two-step verification, we understand that you value the confidentiality of your account more highly and take extra steps to ensure that. If you lose access to your account when you have two-step verification enabled, the recovery process still requires two independent factors. If a recovery attempt is successful, we delay the final recovery step for 24 hours. In this time, we notify the account owner via email and give them the opportunity to cancel the recovery if they weren't the person who requested it.</p>
<p>For more information on how we designed our security system, see our blog post about the design and thought process.</p>




