Alternative Logins

About alternative logins

FastMail.FM allows you to log in to your account using alternative login methods in addition to your "Master Password". The five main alternatives are:

  1. Alternate regular passwords

    Used just like your regular password to log in to your account

  2. One-time passwords

    Generates a list of passwords for you to print out, where each password on the list can only be used to log in once

  3. SMS passwords

    Allows you to use a password that, when entered on the login screen, causes an SMS to be sent to you with a new password. That new password can then be used, once only, to actually log in to the account.

  4. 1 hour one-time passwords

    Like one-time passwords, except that the password can be used multiple times, but only for up to one hour from first use. Useful for protocols that require multiple logins (e.g. DAV, FTP, IMAP)

  5. 1 hour SMS passwords

    Like SMS passwords, but also only valid for 1 hour (see above)

Additionally, you can give each alternative login either full access or only restricted access. With restricted access, you can't permanently delete anything via the web interface, and you have no access to the Options screen. However, you can still delete email to the Trash folder, which gives enough usability for everyday tasks.

If you log in with an alternative login mechanism, then the login used will be displayed in the upper right of the screen during your session.

Regardless of the access restrictions, you still require your master password to access the Alternative Logins screen, change your master password, or change your backup email address.

One-Time passwords

When you create a one-time password set, a page with 100 randomly generated passwords is presented for printing. You must print it before leaving the page, because it's not cached and you can't view the passwords again. You can use these passwords in any order.

If you provide an optional "Base Password" then it must be prefixed to each one-time password as you log in. For example:

  • Base Password: qux23K
  • One-Time Password: uryt-ljwd
  • Password to login: qux23Kuryt-ljwd

Also, if you have a Base Password, you can enter it by itself to find out the number of the lowest unused One-time password from the set (handy if you haven't been crossing them out).

You can only use One-Time passwords for WEB and FTP access (not DAV, as it requires the same password to be used multiple times).

SMS passwords

To use SMS Passwords, you must first have a mobile/cell number defined on your default personality, and you must also purchase sufficient SMS credits via the Options -> Purchase SMS Credits screen.

You are required to enter a Base Password to create an SMS Password set, because you need it in order to request an SMS. To get a new password SMSed to you, enter your username and the Base Password only. When you receive the SMSed password, enter it after the Base Password, as in the One-Time password system:

  • Base Password: qux23K
  • SMSed Password: uryt-ljwd
  • Password to login: qux23Kuryt-ljwd

You must use an SMSed password within 24 hours or it expires. You can only use SMSed passwords for WEB and FTP access (not DAV, as it requires the same password to be used multiple times).

Regular passwords

Regular passwords are just the value that you enter for Base Password (which is, of course, required). They work for all services if Full Access is granted (otherwise just FTP and WEB again).

Regular Additional Passwords are equivalent to your Master Password except that they can't be used to change backup email or passwords.

1 hour passwords

Rather than being a "single use" password like the first two options, these passwords can be used multiple times, making them suitable for DAV, IMAP or SMTP.

NOTE: you need to set "Full Access" or you get restricted to FTP and WEB because they are the only services with access control built in.

The first time you log in, a hard expiry time is set 1 hour in the future. So if you log in once, then log in again 50 minutes later, the last session only has 10 minutes before it times out.

SMSed 1 hour passwords must also be used within 24 hours of being sent (and for implementation reasons, the 24 hours runs until the end of use, so if you use one after 23 1/2 hours you only get half an hour of use!)
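
The single-use, 1 hour and 24 hour SMS rules described in the sections above, as an added illustrative model. This is not FastMail's code: AltPassword, try_login, expires_at and lowest_unused are hypothetical names, and the timestamps are constructed.

```python
import hmac
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)
SMS_LIFETIME = timedelta(hours=24)

class AltPassword:
    """Hypothetical model of one alternative password; not FastMail's code."""

    def __init__(self, base, secret, one_hour=False, sms_sent_at=None):
        self.full = base + secret       # Base Password is prefixed to the secret
        self.one_hour = one_hour        # False: single use; True: reusable for 1 hour
        self.sms_sent_at = sms_sent_at  # None for a printed one-time list
        self.first_used_at = None

    def expires_at(self):
        """Earliest hard deadline known so far, or None if nothing bounds it yet."""
        limits = []
        if self.sms_sent_at is not None:
            limits.append(self.sms_sent_at + SMS_LIFETIME)
        if self.first_used_at is not None:
            # A single-use password is dead from the moment it is first used.
            limits.append(self.first_used_at + (HOUR if self.one_hour else timedelta(0)))
        return min(limits) if limits else None

    def try_login(self, supplied, now):
        # Constant-time comparison: do not leak how much of the password matched.
        if not hmac.compare_digest(supplied.encode(), self.full.encode()):
            return False
        deadline = self.expires_at()
        if deadline is not None and now >= deadline:
            return False
        if self.first_used_at is None:
            self.first_used_at = now    # fixes the window; later logins never extend it
        return True

def lowest_unused(entries):
    """1-based number of the first unused entry (the Base-Password-only query)."""
    return next((i for i, e in enumerate(entries, 1) if e.first_used_at is None), None)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0)    # constructed timestamp
    p = AltPassword("qux23K", "uryt-ljwd", one_hour=True)
    print(p.try_login("qux23Kuryt-ljwd", t0))             # first use starts the hour
    print(p.expires_at() - (t0 + timedelta(minutes=50)))  # time left at +50 minutes
```

Because the deadline is the earlier of "first use + 1 hour" and "SMS sent + 24 hours", a stolen or intercepted password has a bounded lifetime no matter how often it is replayed.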