I suggest you ...

2-factor Authentication

Multi-factor authentication is not a luxury anymore, it's a basic necessity for any service that truly puts a high value on privacy.

1,426 votes
Sign in
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Our brand-new beta client now supports 2FA with U2F (eg YubiKey) as this is the most secure option and TOTP. More options will follow so let us know which you prefer! :) Please access the new client here: https://mail.tutanota.com/

You can find more details about our new client on our blog: https://tutanota.com/blog/posts/secure-mail-public-beta-release

You can find more details on 2FA in our FAQ: https://tutanota.uservoice.com/knowledgebase/articles/1201942-how-does-two-factor-authentication-2fa-work-in-t

Do you like the improvements of our brand-new beta client? Feel free to upgrade to Premium (it’s only 1 Euro per month) and support our developers! Thank you. :)


Sign in
Sign in with: facebook google
Signed in as (Sign out)
  • Anonymous commented  ·   ·  Flag as inappropriate

    We are in July, which is technically past the first part of the year. any update. I can't switch to your service until I can use my yubikey.

  • Jon commented  ·   ·  Flag as inappropriate

    Please give various options for 2FA as I would not want to use Google Authenticator. You've already got option to link signup with the device hardware, maybe adding SMS works for those who don't mind receiving cell notifications - there's a raft of options you could offer. What's important is the ability to REMOVE any device that has previously been granted access (this is an option in settings to remove iOS device, but doesn't yet exist for any browser sessions) and to use 2FA for signup on any new device by default. Remember security will be determined by weakest link in the system, so on a shared or group email, whichever recipient has a weak password, or has not been forced to configure 2FA will compromise the group as a whole.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I note the objection to using a cellphone number for 2-step Authentication, from the other commenters writing here. Good point - what is the alternative ?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Yeah, 2-step Authenticaiton was the only thing that kept me in gmail recently.

    Until I found that gmail was not forwarding my business docs to most of my clients and this began to bankrupt me.

    So when tuta gets 2-step I will switch completely.

    Suggest that teh second step is the choice between a call / SMS to my handy / cell / mobile phone, or a call to my landline.

    How will this work internationally ? (I.e. who pays for the call, if I am in the US for example and the call/SMS originates in Europe ?).


    * *

  • Alex T. commented  ·   ·  Flag as inappropriate

    There's like a little more than a month left before the first half of 2016 is over.
    Any status update on 2-FA?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Can't wait for 2FA! will definitely switch over much more to tutanota after that, maybe even exclusively for work related emails.

  • PrivacyGuru commented  ·   ·  Flag as inappropriate

    I would really like 2FA to be inplemented. Especially Ubikey. I use ubikey for LastPass & a boatload of other accounts I have. Ubikey would be really useful as there is no need multiple 2FA items/apps.

Feedback and Knowledge Base