I've been looking at security keys like the Solo V2, but it looks like my email provider Mailbox.org doesn't support (and never will support) anything other than their utterly crappy 2FA with a 4 digit PIN and a random 6 digit sequence[1].

If only there was some other service as good as Fastmail, but with humane prices.

1. userforum-en.mailbox.org/topic

@hund mailbox.org sucks at 2fa. I am a long standing user of a yubikey but their implementation makes so little sense mailbox is almost the only service that I do not have 2fa on. Shame.


@alper That's the issue several users have pointed out, that their poor way of implementing it just discourage users to use it. Meanwhile is Mailbox talking about how secure it is and how they know better than everyone else.

I have no idea how a 4 digit PIN is any more secure than a +50 character long password.

@hund It is not. They probably think of 2fa as an password burden solution more than a security implementation. Security wise 50+ random password may have negligible security over 6 digit pin both with 2fa (with exception of some attack vectors) but lack of choice whats make me not use it and stick with my password habits.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.