We are excited to announce the launch of a new Account Security interface with Two-Factor Authentication (2FA) for Runbox.
This completes more than a year of development, and we are quite proud of the result. The new features will significantly improve the security of your Runbox account when you activate them.
Account Security features
The new Account Security interface includes 4 main features: Two-Factor Authentication, Manage Services, App Passwords, and Last Logins.
Used separately or in combination, these features add extra layers of security to your Runbox account.
Two-Factor Authentication
Two-Factor Authentication (2FA) is a log in procedure where an additional piece of information is required in addition to your username and account password.
This additional factor is a code that can only be used once, or for a limited period of time.
Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.
Manage Services
The new Account Security interface lets you disable various services such as IMAP, POP, and SMTP. These are the services you use when using an email app/program to access your mail.
By disabling services you are not using, you prevent attempts at unauthorized access to your account via those services.
App Passwords
You can also set up unique passwords for each of your apps or devices, giving you complete control over the access to your account.
If you then happen to lose a device you can simply delete the corresponding app password, effectively disabling access from that device.
Last Logins
This section shows a list of the most recent login attempts to your account from each service such as web, IMAP, POP, and SMTP.
If you suspect that there have been unauthorized login attempts to your account, you can review this list and take appropriate action.
How to set up Account Security features
To get started, just go to the Account Security screen to set up 2FA and the other security features.
We encourage you to review our Account Security help page for details about the new functionality first. This will ensure that you understand how 2FA works and prevent you from getting locked out of your account.
We welcome any questions or feedback you might have, either as comments to this blog post or via our contact form or support system.