Welcome to the mailbox.org user forum!
 

Unable to Login After Applying 2FA

Galin shared this problem 18 months ago
Published

Hi! New to mailbox, trying out the account. I was able to successfully create the account and password and login and logout several times without any issue. Everything is saved in my password manager and working just fine.

I added a PIN and TOTP (successfully tested), saved and logged out. Now I am no longer able to login. I get a "Wrong username or password? Used full e-mail address?" message even though everything is correct. I am not prompted for the new TOTP code; however, I am assuming this would appear after my login/password was accepted.

What's odd is I can use the same credentials here on the forum, just not on the email login page.

Any suggestions ?

Replies (5)

photo
1

Update and Solved. I was able to successfully login after modifying my uBO settings and ensuring I used PIN+TOTP in the webmail logon page.

photo
1

Thanks for the post. I had the same problem.

I just didn't get it in the first moment. So to clarify for other users who don't get it either in the first read:

Instead of your normal password, use the "Pin + Authenticator Code" after activating the 2FA in your account. for signing up in web client.

photo
1

> I just didn't get it in the first moment. So to clarify for other users who don't get it either in the first read:


> Instead of your normal password, use the "Pin + Authenticator Code" after activating the 2FA in your account. for signing up in web client.

I didn't get it either, and after wasting 30 mins trying to get in and scratching my head to the entirely unhelpful error message, I found this post by pure chance.

I am currently evaluating mail providers to migrate from my current one and sadly I won't use mailbox on account of the completely dumb TOTP authentication:

  • setting up 2FA in settings is an extremely convoluted and confusing process, I cannot imagine how a regular user can get around that horrible UI, I work in software development and barely managed to do it by trial and error
  • replacing password with PIN+TOTP (as opposed to every other service under the sun which just asks for TOTP in a separate step after user/pass login) is completely unintuitive, it breaks every password management software out there, is it's not clearly explained anywhere during 2FA setup process and the worst is it lowers security since you basically replace the password with a 4 digit pin

If something as simple as enabling and using TOTP is so painful and unintuitive, I cannot imagine how much worse more complicated workflows could be. Based on this, I will not be using your service. Do with this feedback what you will.

photo
1

Sometimes I get the distinct impression that:

1. The people who make Mailbox.org don't use Mailbox.org (at least not in the way normal users do, with all the hoops required to jump through).

2. The programmers at Mailbox.org assume if it's easy and obvious to them, it should be so for everyone else, even when their decisions make no intuitive sense for most people.

photo
photo
1

I ran into the exact same issue as Galin did. I just want to clarify the solution, since it took me a few minutes of trial-and-error: enter the PIN followed by TOTP into the "Password" field. For example, for PIN "1234" and TOTP "567890", the right answer is "1234567890".

Following this experience, I decided to revert to password 1FA immediately. Warning: my old password did not work anymore for whatever reason and I had to reset it. So make sure you have recovery email setup - I never received any SMS at the recovery phone number.

photo
1

Could someone please update the documentation? And, important: get rid of the PIN code prefix for webmail login?

Afaik no password manager we use supports a PIN prefix for the TOTP code?

photo
1

Hello.


We have now included the “old” instructions for 2FA again. There are currently two types of 2FA setup.

The new improved and simple method for all new customers and customers who have already switched to the new login 2.0 and the old method for customers who have not yet switched.

The current instructions now describe both methods.

https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa#overview-of-2fa-methods-at-mailboxorg

Many thanks for the information.


Your Mailbox.org-Team

photo
1

Thanks to all who posted the info that for password I need to enter the PIN followed by the code from my authenticator app. I'm not sure how this is more secure than the long password I used before.

photo
1

Hi all,

I enabled 2FA, and generated a new application password for IPhone (ActiveSync). No way I can log in from my phone, no problem from web interface.

I have also disabled 2FA just to get back my contacts and calendar (and mail of course) on the iPhone, but it keeps on asking for the password. Main password not changed.

photo
1

@mangallo When I disabled 2FA, my old password didn't work anymore, I had to reset it.

photo
1

Thank you, 2FA removed and password changed, now I can login again.

photo
Leave a Comment
 
Attach a file
Access denied