Improve 2FA experience & security

Dreemurr shared this idea 12 months ago
Proposed

Hello!

I'm fairly new to mailbox.org and I really want to love it. However, I believe that the current implementation of incredibly important features such as 2FA is incredibly lacking and may actually harm security instead of improving it.

First of all, the interface for 2FA setup is confusing. The user is asked to visit a help article to set it up because there are caveats and the setup is way different from the 2FA implementations that users normally use. This is the first problem: if you have to have a long explanation to turn on a security feature, it will not just create confusion but also discourage users from using a security feature. The interface for setting up 2FA is implemented with an iframe... within an already existing iframe for the settings. It pops up below the initial setup box for OTP, so it is also easy to miss. In addition to that, the login experience with OTP enabled is also extremely bad, and I see I'm not the only one who expected to first provide the account password and only then provide PIN+OTP, instead of being asked for the latter as the entire password.

Secondly, I'm very concerned about the security impact of this implementation. The usual password is entirely replaced with... 10 digits. Sure, 6 of them rotate, however 10 digits? If we know that each place in the password field has 10 possible combinations and there is always a static variable of 10 characters, this in my opinion decreases security compared to a strong password rather than improving it, because you are already giving the attacker 2 different assumptions they can use to greatly decrease the number of combinations they have to use. I'm no cryptographer nor security expert, so if I'm wrong please let me know. A really simple fix to this issue would be simply to use the OTP implementations from other services: use password and OTP together. This is actually a meaningful form of 2FA; there is no need to reinvent the wheel.

Thirdly, it is in my opinion silly to disable mailbox.org's own other services because they don't support OTP yet. I understand this is a current limitation, but I really hope there is work towards making it better.

Like I said, I really want to love mailbox.org, and I really hope to stay a subscriber for a longer while because I agree with the principles mailbox.org is founded on. However, right now, security to me feels like an afterthought with the 2FA implementation, and it scares me to make a proper move towards the service as I can't know if the backend is designed with the same amount of care as the 2FA implementation is.
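
The two login schemes this post compares, as an added example that is not part of the original post and is not mailbox.org's code. It assumes the 10 digits are a 4-digit PIN followed by a 6-digit RFC 6238 TOTP code (the post says 6 of the 10 rotate); the account record, PIN, password and function names are constructed for illustration.

```python
import hashlib, hmac, math, struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _otp_ok(secret: bytes, otp: str, now: float) -> bool:
    # Constant-time compare against the current step only (no drift window).
    return hmac.compare_digest(totp(secret, now).encode(), otp.encode())

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_pin_otp(account: dict, credential: str, now: float) -> bool:
    """Scheme as described in the post: one field, PIN followed by OTP."""
    if len(credential) != 10:
        return False
    pin_ok = hmac.compare_digest(account["pin"].encode(), credential[:4].encode())
    return pin_ok & _otp_ok(account["secret"], credential[4:], now)

def verify_password_otp(account: dict, password: str, otp: str, now: float) -> bool:
    """Scheme the post asks for: account password plus OTP as a second factor."""
    pw_ok = hmac.compare_digest(account["pw_hash"], _pw_hash(password, account["salt"]))
    return pw_ok & _otp_ok(account["secret"], otp, now)

def static_secret_bits(alphabet: int, length: int) -> float:
    """Guessing entropy, in bits, of the part of the credential that never rotates."""
    return length * math.log2(alphabet)

# Constructed sample account. SECRET is the published RFC 6238 test key.
SECRET, SALT = b"12345678901234567890", b"constructed-salt"
ACCOUNT = {"pin": "4821", "secret": SECRET, "salt": SALT,
           "pw_hash": _pw_hash("correct horse battery", SALT)}

if __name__ == "__main__":
    t = 59  # RFC 6238 test time; the 6-digit code is 287082
    print(verify_pin_otp(ACCOUNT, "4821" + totp(SECRET, t), t))
    print(verify_password_otp(ACCOUNT, "correct horse battery", totp(SECRET, t), t))
    # The static part is all that protects the account if the OTP secret is exposed.
    print(f"4-digit PIN:      {static_secret_bits(10, 4):.1f} bits")
    print(f"16-char password: {static_secret_bits(94, 16):.1f} bits")
```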

Replies (1)

3

Well said. I totally agree. I also love mailbox.org and their principles.

It is perfect not being tracked and not having a company use my data for their benefit, and I'm happy to pay for that service. Unfortunately mailbox.org seems not to be a safe place for my data, in particular my contacts, which contain sensitive information.

1

Apart from the implementation with iframes; To me the current OTP is not usable, thus I switched back. Don't know how masochistic other folks are ... FYI: there's a research field which is called usable security. I would love to see mailbox.org hat topic literally ;-)


So as much as I appreciate the secure implementation of lots of other features not concerning the UI, I would love to see a usable implementation, or at least the current one to be amended with the commonly used one (user, pw, TOTP) and then give users a choice.
