For over a year now, FastMail has supported two-factor authentication via SMS and one-time passwords. As a quick reminder, the way this works is:
This is especially useful for people travelling and using Internet Cafes or kiosks that they don’t necessarily trust, and might be infected with keyboard logging trojans that steal passwords. With a one time or sms password, the password can only be used once and is thus useless if stolen.
Additionally for extra security, the alternate logins can be setup as “restricted logins”. When using a restricted login, no emails for files can be deleted, so even if somehow a hacker hijacks your session, they can’t delete or damage any email or files in your account.
While these feature are very useful from a security stand point, the one-time passwords requires some pre-planning to print out and carry around the one-time password list, and the SMS passwords require purchasing SMS credits in your account.
For businesses and families, we’ve now made the SMS passwords easier to use. Basically now only the business/family has to buy SMS credits, and then any user in the family/business can use those credits to have an SMS password sent to them. This feature has to be enabled for the business/family on the Manage –> Business/Family Preferences screen via the Allow SMS two-factor logins preference.
So the detailed steps to make this work are: