"Current notices about Posteo: News, developments, background information and media appearances."


New two-factor authentication available

Created at 12.November 2014, 14:45 | Category: Info

Dear Posteo users,

We have news: You now have the possibility to enable two-factor authentication for additional security of access to your Posteo account (in the browser).

The technology is comparable with multilevel security processes in the banking industry. At an ATM, you can only withdraw cash if you know something (your PIN) and possess something (your ATM card). With two-factor authentication, the situation is similar. In order to log in, you need something that you know (your Posteo password) as well as something that you possess (e.g. your mobile phone). The Posteo login process only changes slightly with the additional security: After entering your username and password, you will in addition be asked for a current one-time password. The current one-time password will be shown to you on a device (e.g. a mobile phone, tablet or desktop) on which you have activated two-factor authentication.

If criminals or intelligence agencies obtain your access information (username and password), they will have no way to access your account via the webmail interface and, for example, to manipulate your account and security settings. The conventional access details are no longer sufficient for the login process.

We have set up two-factor authentication to be as simple and secure as possible. With Posteo, two-factor authentication technology can be used not only with free apps for all current platforms, but also with special hardware (such as a Yubikey). All users who only access Posteo in the browser (i.e. webmail) can distinctly increase the overall security of their emails and account by enabling two-factor authentication. If you specify in the settings that you use webmail only, access will be blocked for local email programs. This eliminates the possibility of attacks, which don’t happen via the browser but rather via external programs (by IMAP and POP3).

Setting up two-factor authentication is simple. It is also recommended for users without technical knowledge. The technology is based on the open TOTP standard. There are no additional costs – the new function is provided at no extra charge. You can find out how to activate two-factor authentication in our help section.

Two-factor authentication significantly increases the security of webmail access. Our development team is currently also working on a solution that will also increase security of access via local email programs using a multilevel security process. We hope we can also make this solution available to you soon.

Best regards,

The Posteo team