Two Factor Authentication and App-specific Passwords
The biggest new feature is two-factor authentication. Two-factor authentication means you cannot log in with your password only -- you need a second authentication "token".
We are using time-based one-time passwords (TOTP) as the second token. If you would like to add two-factor authentication to your account, you will need to add an app to your smart phone. You will use the app to scan the QR code we give you, and the app will generate the token you'll need to log in.
Mailstore customers who use two-factor authentication will also need to set up app-specific passwords for their email programs. (Email programs cannot use two-factor authentication.) All customers may use app-specific passwords for SMTP, if they would prefer not to use their main Pobox password.
In order to make changes to your account security settings, you must re-enter your password. (Previously, this was required for password changes only.) Once you've re-entered your password, you can make changes for up to 5 minutes. When you are finished making changes, we suggest you log out.
The profile and security listing also highlights any major security problems with your account. Interested in tighter security? Click the "restricted settings" link on the right side of the page to see our recommendations.
The Profile and Security section collects options that were previously found littered around the site.
- Your personal contact information lets us get it touch with you in case of emergency.
- Your time zone is used to show your spam listing in your local time.
- Your password should get reset every once in a while.
- Your emailed spam report can log in automatically, or not, at your preference.
- Your security Q&A helps us make sure you are you, if you lose your password.
- Password recovery address is another email address where we can send password reset links, in case you lose account access.
- Filter Push Notifications (for Plus and Mailstore accounts only) tell us where Pobox email filters should send push notifications.
- Target delivery of Pobox system messages: If you have more than one set of delivery locations, you can target your password and administrative messages, bills and emailed spam reports.
- Account Administrators are other Pobox customers who you authorize to make changes to your account.
- Billing Contact is another Pobox customer who has agreed to pay for your account.
We hope you'll find the new Profile and Security section, as well as the Home page revamp that came with it, improves and simplifies your Pobox experience. If you have any questions, problems or comments on the changes, please let us know!