New features to keep your FastMail account even more secure

Product

We’re excited to announce the upcoming release of some new security features, designed to keep your email account more secure than ever before.

On Monday, 25th July, we’ll be launching a range of new security features to provide greater protection in making sure you, and only you, can access your FastMail account.

For most users, the most noticeable change is simply that the login box will move from our homepage to its own dedicated page, so you might want to update any bookmarks. We've provided a complete overview of what else is changing below.

We understand that sometimes change can bring uncertainty, however we want to assure all our users that we’re not changing how you send and receive emails within FastMail. We’ve simply added some additional security measures for greater peace of mind.

As a leader in email security, we’re always looking for more ways we can help you keep your account secure, and we believe our new security features make FastMail an ever better choice for secure email hosting.

What’s changing?

The new security features will only require small changes from you but will offer huge improvements in the security of your account, greatly reducing any chance of your account becoming compromised.

1. We’re making it easier to secure your account with two-step verification.

Two-step verification (also known as ‘two-factor authentication’ or ‘2FA’) increases the security of your account by requiring something you have (your phone or a special security key), to be paired with something you know (your password), in order to log in to your account.

You are probably already familiar with two-step verification, even if you are not familiar with the name. For example, if you use online banking then you may occasionally need to verify your account via an SMS code. Or if you log into a web-based account from a different device or computer then you might be asked to verify your account with an additional code, usually generated at the time of log in as an SMS to your phone.

With the changes coming next week, we’ve made it easier than ever to add this extra layer of security to your account. We’ll be supporting two-step verification with either an app on your phone, a dedicated security device that plugs into your computer (U2F or old-style Yubikey), or a code sent by SMS. Once enabled, you’ll need to use two-step verification to log in from your web browser, or the FastMail mobile app.

If you're currently using our "alternate logins" system, you will need to migrate to the new system sometime in the next month. We will be removing all old-style "alternate logins" on 31st August. Also, please note that if your alternate login has a second factor, you will now be asked for this after submitting your username and password, rather than entering it on the initial login page.

2. We're improving the security of third party app access.

When you set up third party apps to access your FastMail account (such as Outlook or Mail.app on your phone or desktop), in the future you will need to log in to the web first and get a special app password. This password will restrict access to just what the app needs, so it can't be used to change your settings, for example. It also allows you to easily remove the app's access to your account should you ever lose your phone or computer, without having to change your password everywhere. We will generate a secure app password for you, and don't worry – you won't have to remember it!

Any devices you already have set up will continue to work just fine with your regular FastMail password. We will gradually help existing customers to upgrade to the new system for all apps over the coming months, but there will be no change immediately. If you set up the new two-step verification however, you will need to update your apps immediately with an app password, as third-party apps do not currently support two-step verification.

3. We're making it easier to recover access if you forget your password.

In the past you could add a backup email address to your account, which we could use to help you recover access should you forget your password. With the upcoming changes, you will be able to add multiple email addresses and also now phone numbers that we can use to verify your identity. As always, we take your privacy very seriously and will only ever use these details to keep your account secure. We never share them with anyone else.

We have a new account recovery tool that will also be launching soon. This will allow you to regain access to your account more quickly and easily should you get locked out, while providing greater security than ever before against malicious users trying to get in.

Keeping your email secure

Want to learn more about staying safe online? In the lead up to next week's launch of these new security improvements, we'll be posting helpful and informative blog posts each day this week. Check back each day for some more background and additional information on what you can do to keep your account secure, manage your passwords and recover your account should you ever get locked out.


Got any security questions or recommendations? Tweet us @FastMail using the hashtag #securitymatters.