External User Forgot Guard Password Reset

20 months ago


I sent encrypted mail to a user without mailbox.org. Recipients clicked on the link and created the guard password.

This user then forgot the password for the guard. I still want to send encrypted mail to this user. The user cannot open and read the mail because he forgot his password.

How can external users solve this problem? Is it possible for an external user to reset the password?

I am still a Mailbox user a year later but still have this problem and am considering switching to another service before becoming a long-term member. Many of my clients only receive messages from me once a month or less, and so many of them forget their passwords yet have no way of resetting. Is this issue being addressed? Could 2-factor auth. be a possibility? If anyone knows whether a modification could be on its way I'd love to hear.



This is a serious problem. People / clients that I send non-PGP encrypted emails to do not want to be making up passwords on the spot for an email provider they do not use. A one time use password would be fine. Then when I send another encrypted email to them in 6 months they do have to remember a password they made up and forgot. Mailfence does encrypted email to non-PGP recipients correctly. Frustrating.

The mailbox.org system of temporary mailboxes for external users, passwords that must be remembered by external users forever (1yr), and a PIN that also must be remembered is crazy. For anyone struggling with the same problem, here is the mailbox.org FAQ on this topic.


"As soon as the addressee opens the link (and verifies himself with the PIN if necessary), he must create a password for his temporary mailbox. The password can then no longer be changed. The reason for this regulation is that we can only guarantee the security of encrypted communication under these conditions. Otherwise a third party could misuse the password forgetting function necessary for the password reset in order to gain access to this temporary mailbox of the addressee.

Since the further, encrypted communication runs via this temporary mailbox, it is imperative that your communication partner memorizes his password well!

Temporary mailboxes are deleted after one year of inactivity."


@ 9511364: Thank you very much for your feedback.

Please let me classify this.

1. Any of our users are free to either communicate with their counterparts without any encryption, to communicate with their counterpart via our Temporary mailboxes or to stick to encrypted communication with their own PGP key-pairs.

If there is a public PGP key available in the mailbox.org online office for the recipient, this will always have priority and in such a case no Temp mailbox is created for the external user.

This can also be considered a workaround if the external user lost his password.

2. The PIN can be used in order to harden the process of setting up the Temp mailbox for an external user when he first logs in. It is optional and only has to be used once.

3. As we have become aware of the shortcomings of long deletion periods, we have recently updated the deletion period to 90 days of inactivity.

The guide has been updated as of now.

Please be advised that we're in the process of refreshing our documentation and that this guide is also going to be reviewed extensively in the near future.

