Runbox Two-Factor Authentication

June 14, 2017 Geir 12 Comments

Runbox recently launched Two-Factor Authentication (2FA). 2FA is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.

Runbox is the only 2FA-enabled email provider in Norway

Runbox is located in Norway, which has some of the strongest privacy regulations in the world.

By choosing Runbox as your email provider, your data will be protected by these regulations while ensuring your email is secure from unauthorized access.

Read on to find out how Runbox 2FA works and which options are available.

Timed One-Time Passwords (TOTP)

To use this option you will need a smartphone and some free software.

Timed one-time passwords works by giving you a login code which changes over time, in addition to your password.

To get started, download a TOTP app such as Authy, FreeOTP or Google Authenticator onto your mobile phone and follow their instructions.

Note: It is essential that your smartphone has the correct date/time set as this is used by the TOTP app to generate the correct codes that allow you to log in.

One-Time Passwords (OTP)

When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically and cannot be used again.

You can download the the list of passwords to a computer or mobile device, or you can print them out if necessary. However, you must keep the list secure as these passwords can be used to access your account along with your usual username and account password.

Trusted browsers

This option allows the server to trust your current web browser so that you don’t have to use a 2FA code. The option places a small piece of code in your browser (a cookie) that tells the server not to require the 2FA details and you can just log in with username and password.

You should only use this method of bypassing 2FA on a computer or device that you are confident nobody else can log in to. You can temporarily turn on/off individual browsers from the trusted list, or you can delete the browser entry entirely which will force that browser to require the 2FA details.

Unlock code

If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.

The code can be used in conjunction with a secure question/answer for additional security.

Continue Reading →

SSLv3 disabled on POP connections

January 8, 2015 Geir 2 Comments

For security reasons we have turned off SSLv3 on POP connections (port 995) today. That means we now only allow TLS 1.0, TLS 1.1 and TLS 1.2 on POP connections.

As a Runbox user you should not have to do anything — your email program should already support TLS and use it automatically. If not, please make sure your email program is up-to-date.

Apple Mail users: Please see our notice regarding APOP.

If you do experience any problems, please contact Runbox Support.

Continue Reading →

New POP server being added

May 24, 2013 Geir 2 Comments

We’re planning to deploy an extra POP server Monday May 27 at 6-7 AM CET to improve performance for POP email clients.

This deployment should not affect services negatively, but please let us know if you do experience any irregularities using POP during or after the specified time.

Continue Reading →

New POP server name for Apple Mail

February 13, 2013 Geir 2 Comments

Many Apple Mail users have been having problems connecting to Runbox via POP recently due to Apple changing the supported authentication methods in Mail.

Apple Mail POP users can now use the server name apop.runbox.com to connect to Runbox.

If you use Apple Mail with POP (not IMAP), please do this: