
Allow opt-out from the recovery code

Some users don't want to use the recovery code feature as it just makes it easier for an attacker to gain access to their account. Let responsible users opt-out if they so choose. Don't force a controversial feature on all users.

463 votes
Debra shared this idea

declined  ·  Tutanota Support (Admin, Tutanota) responded:

The recovery code does not make it easier for an attacker to gain access to an account as long as you don’t write the recovery code down and store it in an insecure place. Unfortunately, some users spread false information about this feature to discredit Tutanota.

    The recovery code was a feature requested by many users and it is the most secure account recovery that has ever been implemented.

    To make it short: If you don’t trust the recovery code, you don’t trust Tutanota as it is based on the same strong cryptography that all other parts of Tutanota are also based on.

We removed the popup to ask for the recovery code from the next release, as probably all users that want the recovery code set it up already. See github.com/tutao/tutanota/issues/880

    16 comments

• dfbgdgdg commented

Why are you (Tutanota) not giving your users the option to opt-out? It's a basic principle of transparency - giving users a choice. Also good one for deleting half the comments from this thread, something Google would do

• Anonymous commented

        You should allow an opt-out for the recovery code, some users don't want it or trust it. Also, nice censorship at deleting half the comments here. Your response is BS.

• Clairvaux commented

        I would suggest opt-out being allowed, purely for psychological and marketing reasons.

        I accept Tutanota's technical explanations about the recovery code. I have no reason to suspect a recovery code + password configuration is not as secure as a password-only configuration.

However, it's very difficult to grasp psychologically. There's one piece of advice given by Tutanota on reddit that's logically flawless, but incredibly difficult to accept mentally: if you don't like our recovery code system, just set one and forget it. Just don't write it down, do as if it had never existed.

        For non-tinfoil hat people, this is completely counter-intuitive and unsettling. For slightly paranoid people, and many Tutanota users are bound to belong to that category, it's a big red flag.

        I believe people should be allowed to make their own choices, and risk losing their account by losing their password if they prefer it that way, and don't wish to set a recovery code.

        Unless there's a compelling reason we don't know about, and then Tutanota should tell us about it.

• Anonymous commented

        Yes, please don't. The only reason we come to your service is because of your constraints on abusing users.
        Allow users the freedom.

• Anonymous commented

I don't want a recovery mode, nor do I want to be constantly pestered to set one up. Let me choose if I want one, or create one later, but don't force me to have one. I expect this kind of annoying notification from Microsoft Office, not my paid-for Tutanota account.

• Tim commented

        There will always be a "hidden" recovery code. That's how encryption works.

• Anonymous commented

I don't get it. When I click "Später" I don't mean to be nagged about it again and again every time I start the app. Bring it up in 14 days or a month, I may reconsider, depending on how you clean this mess up. Right now it makes me cancel my subscription simply because of the lack of reply to a crucial issue.

• Richard commented

No crypto payments for four years and now a forced recovery code / backdoor. This is extremely disappointing, I thought Tutanota stood for freedom and liberty. I guess I should have known though with them being based in Germany, it's impossible for Germans to support liberty, privacy, and free speech.

• Anonymous commented

        If opt-out doesn't get implemented then I guess private email is dead as we know it.

• Anonymous commented

        Tutanota acting like a totalitarian nanny state who knows what's best for us and treating us like children who can't make our own decisions is a big turn off. I'm losing faith in Tutanota over this fiasco. Just listen to your users and add an opt-out. Not all users want to be forced to use it.

• Ricardo commented

        It's really fishy that they're forcing it on all users... almost like it was mandated from the authorities.

• Anonymous commented

        I can understand why some users would want a recovery feature. However, Tutanota shouldn't force the feature on users that don't want it. We don't need to be treated like children who need their hand held. We can make our own decision on whether or not we want to take the risk of enabling a recovery code like a responsible adult. Additionally, after all the rumors they really need to add an opt-out feature just to mitigate the perception that it was added for malicious purposes at the request of a government.
