Multi-factor authentication is not a luxury anymore, it's a basic necessity for any service that truly puts a high value on privacy.
Our brand-new beta client now supports 2FA with U2F (eg YubiKey) as this is the most secure option and TOTP. More options will follow so let us know which you prefer! :) Please access the new client here: https://mail.tutanota.com/
You can find more details about our new client on our blog: https://tutanota.com/blog/posts/secure-mail-public-beta-release
You can find more details on 2FA in our FAQ: https://tutanota.uservoice.com/knowledgebase/articles/1201942-how-does-two-factor-authentication-2fa-work-in-t
Do you like the improvements of our brand-new beta client? Feel free to upgrade to Premium (it’s only 1 Euro per month) and support our developers! Thank you. :)
A YubiKey Neo (with NFC) would be desirable; then it could also be used with NFC-capable smartphones.
Yubikey Neo support would be useful, so you can use 2FA with NFC smartphones!
Please consider also enabling Trezor:
Yubikey OTP or U2F would be ideal.
please use Clef or Yubikey. no cell phones.
Personally, I think this is an overrated gimmick. A sound passphrase is literally the key to security. Two-Factor Auth seems to give users a wrong sense of safety as experiences of numerous services suggest (even PayPal offers this). Too often, people are lured to use simple passphrases, "because I still have the Two-Factor thing". Which somehow even makes sense, people will just go so far when it comes to complexity (you still have to memorize all your access data, because writing it down on a piece of paper means you can spare yourself the entire effort to begin with). And memorizing a very complex passphrase plus handling a second factor when it comes to logging in to your email, like a dozen times a day? This is why field experience shows that people tend to use soft passphrases as soon as a second factor of authentication is implemented.
A safe passphrase is paramount for safe encryption (no algorithm is worth anything if your passphrase is so simple it can be guessed by a simple brute force attack). A Two-Factor stunt is only there for standard access, not for black-hat stunts (or NSA etc. attacks), think about priorities.
So okay, if people want this, make it happen. But please ONLY optional and also not by default - another reason for not making this default for a freshly signed up user: the great benefit of tutanota, which makes it in my opinion the best secure email service there is today, is that it is so easy to use by default. My mother could sign up by herself and read your documentation by herself and could email me encrypted by herself - remembering my (very frustrating and fruitless) attempts to teach her how to use PGP, SMIME, this makes tutanota shine and stick out positively.
Esp. comparing it to the whole earlier opensource encryption crap, sorry for my language, but while the opensource community nerds take a lot of effort to perfect the technology, they obviously give a shit about usability and judge "high and mighty" about all regular, "daily life" internet users, who are not willing or able to use a linux terminal, long-winded setup routines and whatnot to use their encryption solutions, but rather stick with what they can handle: privacy killers, the usual free webmail services regular people still use.
Your service should always be both: as simple as the Gmails and Yahoos to use in every aspect by default, for regular people without competence and/or desire to educate themselves in the technology "behind the scenes", just like you don't need to be a mechanic or even know what a carburetor is to be able to drive a car properly, by default. But also offer optional features in addition. This way, you can serve all users, and the larger the tutanota community gets, the more simple encrypted emailing becomes (chicken-and-egg problem).
Thanks, anonymous. We don't use MD5. Tutanota uses bcrypt and SHA256 to generate the hash locally.
Tutanota Support: MD5 is a "fingerprint" or hash, but it is vulnerable. A hash by itself is not inherently secure.
Thanks, Anonymous. Of course we can explain otherwise: When a password is used for authentication (login), it is not necessary that it is known to the server you want to authenticate with. It is enough that the server has a fingerprint (hash) of your password. With Tutanota your hash for authentication is calculated by your browser and only the hash is being sent. Your password never travels the Internet in plain text and it is never seen by our server. As hashes are non-invertible, the server is unable to reconstruct your password from the hash. In this way the server is not able to decrypt your data, while still able to log you in.
In short: One password is enough. On the server, there is only encrypted data and only you can decrypt it. If anyone should hack the server, which is very very difficult, all they get is encrypted data.
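The login scheme described in the reply above, as an added example that is not Tutanota's code: the client runs a slow KDF on the password, sends only a SHA256 fingerprint of the result to the server, and derives a separate mailbox key that never leaves the client. PBKDF2 from the Python standard library stands in for bcrypt here so the block runs without extra packages; the server-side re-hash of the received fingerprint (so a leaked database cannot be replayed as a login) is an assumption of this example, not something the page states.

```python
import hashlib
import hmac
import os

# Constructed demo of client-side password hashing for login.
# PBKDF2-HMAC-SHA256 stands in for the page's bcrypt step (assumption).
ITERATIONS = 100_000


def derive_password_key(password: str, salt: bytes) -> bytes:
    """Slow KDF run in the browser/client; salt is per-user and not secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def auth_hash(password_key: bytes) -> bytes:
    """The only thing the client ever sends: a one-way fingerprint of the key."""
    return hashlib.sha256(b"auth|" + password_key).digest()


def encryption_key(password_key: bytes) -> bytes:
    """Mailbox key, derived locally with a different label; never transmitted."""
    return hmac.new(password_key, b"enc|", hashlib.sha256).digest()


class Server:
    """Stores a salt and a re-hashed fingerprint per user; never sees a password."""

    def __init__(self) -> None:
        self.users: dict[str, tuple[bytes, bytes]] = {}

    def register(self, user: str, salt: bytes, sent_hash: bytes) -> None:
        # Re-hash what the client sent so a database leak is not directly replayable
        # (assumed hardening, not described on the page).
        self.users[user] = (salt, hashlib.sha256(sent_hash).digest())

    def salt_for(self, user: str) -> bytes:
        return self.users[user][0]

    def login(self, user: str, sent_hash: bytes) -> bool:
        _, stored = self.users[user]
        return hmac.compare_digest(stored, hashlib.sha256(sent_hash).digest())

    def everything_stored(self) -> bytes:
        """Concatenation of all server-side material, for the 'what leaks' check."""
        return b"".join(salt + h for salt, h in self.users.values())


def client_signup(server: Server, user: str, password: str) -> bytes:
    """Client side of registration; returns the local mailbox key."""
    salt = os.urandom(16)
    pk = derive_password_key(password, salt)
    server.register(user, salt, auth_hash(pk))
    return encryption_key(pk)


def client_login(server: Server, user: str, password: str) -> bool:
    pk = derive_password_key(password, server.salt_for(user))
    return server.login(user, auth_hash(pk))


def demo() -> dict:
    server = Server()
    mailbox_key = client_signup(server, "alice", "correct horse battery staple")
    stored = server.everything_stored()
    return {
        "login_ok": client_login(server, "alice", "correct horse battery staple"),
        "wrong_password_rejected": not client_login(server, "alice", "correct horse battery"),
        # The server holds neither the password nor the mailbox key.
        "password_on_server": b"correct horse battery staple" in stored,
        "mailbox_key_on_server": mailbox_key in stored,
    }


if __name__ == "__main__":
    print(demo())
```

The two derivations use different labels so that knowing the authentication fingerprint gives no path to the mailbox key; a compromise of the server database yields salts and double-hashed fingerprints, which still have to be brute-forced through the slow KDF per user.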
Once the tutanota server is hacked/infected, game-over, and I've heard hacking a server or the iOS or android app on appstore and googleplay is the easy part (before the app is downloaded). Therefore, one password to authenticate we are a user and to retrieve our encrypted mail box (which should be a complete jumble and not readable by anyone who's hacked tutanota server or apps). One to decrypt the mailbox locally at user-end. A bit like protonmail. I have been told that this is a deal-breaker for tutanota. I would implement this first - unless someone can explain otherwise.
Another vote for Yubikey!
Anonymous Anonymous commented
Nothing Google, which also means nothing related to my cell phone. Whatever this is, it needs to simply be an option, not mandatory. I don't want to have to supply any sort of phone number of anything else that can be traced to me. Google is totally insecure, and privacy is a total joke. It's an absolute open book, but worse. I agree with those that say just keep it simple. I already had to quit and fight for a refund from Startmail because their Contact's management was so atrocious. The password requirements for Tutanota are already very annoying and don't really enhance security so don't go overboard on some alleged system that has the potential to introduce even more vulnerabilities and a decrease in personal privacy. Let's face it, the Internet is a very dangerous place.
Having the option to upload a "key file" would be nice as well, making "3-factor (yes, it's not really 3, but you get the idea) authentication".
This suggestion may have already been made earlier because I don't know the technical term. My broker provided a very convenient authentication method. A small device similar to the ancient "pager" was supplied to me that continually generated codes for logging into my online account. Even if I lost the device nobody could access my account because, 1st they would have to know my account password, and 2nd they have no way of associating the device to anything having to do with me.
I really hope that 2FA will be optional, because I am very happy with just the password for authentication! I am already going mad with all the services that need phone based authentication etc as I don't have a smartphone and my phone number and location changes every few months.
Please use the new THREEMA app Api for the 2-factor Authentication!
So you do not have to use the phone numbers of the users!! More Privacy, more security!
Not to belittle others' priorities on security, this feature is not a basic necessity. There is a basic level of security already provided. Getting this application to become usable, that is making it easy for anyone to get up and running with their address books intact and some optional file folder creation capabilities, is all I need to motivate me to move entirely to this platform. Tutanota is out of beta, but it still does not meet my daily needs without having to reference other email platforms for address input. It looks good. I want to use it exclusively but everyone comes at this with customization suggestions that look good but could really wait until a satisfied user base is established.
How bout Clef?
Thomas C. commented
Please don't use anything by Google, like Google Authenticator.
Multi-factor authentication would be nice if a non-identifiable method is used.
For example by sending an additional key to another email