Re: 2-Factor authentication on webmail

mflanagan · ‎14-02-2025

Please could someone advise how to set this up on webmail? All serious platforms these days have an MFA option, but I just can't see one with Plusnet.

jab1 · ‎14-02-2025

Out of interest, why would you need 2FA on webmail?

John

mflanagan · ‎14-02-2025

Are you kidding? Why WOULDN'T you want it?! Think of the havoc someone could wreaking they gained access to your mailbox...

jab1 · ‎14-02-2025

As they need to know your account name and (presumably secure) password, what is the actual, rather than theoretical, risk?

I have been using mail accounts for about 30 years - since W95 - and have never been compromised yet.

John

Townman · ‎14-02-2025

Best practice around passwords - make them unguessable, long, not words and change then regularly makes 2FA somewhat nugatory.

Clearly where password management does not follow best practice, such as using your birthday, pet’s name, favourite football team all in plain text … some will seek other forms of protection, which invariably are burdensome.

I do not know of a 2FA on any webmail service. I also see a dire catch22 situation with 2FA on mail access services - one should not presume possession of a mobile phone or a workable mobile coverage; many 2FA processes use email for the verification code.

This suggestion would result in not being able to access the verification code because said verification code is required to access the verification email.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

pvmb · ‎14-02-2025

@jab1 wrote:

As they need to know your account name and (presumably secure) password, what is the actual, rather than theoretical, risk?

Well, 'discovering' the account name is not much of a challenge with Plusnet email, is it?

jab1 · ‎14-02-2025

What is mine then @pvmb ?

John

mflanagan · ‎14-02-2025

"I have been using mail accounts for about 30 years - since W95 - and have never been compromised yet."

Haha, is that a genuine security strategy? Wow...

Anyway, back in the real world, all I wanted was an answer to my question, which I'm guessing is 'No, it isn't possible.' That's fine, that's all the info I was looking for. So long

jab1 · ‎14-02-2025

@mflanagan My 'security strategy' - which you are unaware of, obviously - has kept me perfectly safe all these years, so it works.

John

iannewson · ‎14-02-2025

Until it doesnt.

If you want to rely on on server security of an email system (that is barely supported by plusnet) to not loose your credentials then thats up to you. But for goodness sake don't dissuade others from having some common sense.

https://haveibeenpwned.com

Ive personally found some my password that ive used in the wild.

jab1 · ‎14-02-2025

@iannewson As I've said previously, I have been using various ISP mail systems for ~30 years, and never had any issues. I do check for any breaches on a monthly basis as part of my own security protocol, and the only ones I have found have been the odd 'account' passwords, usually linked to sites where I suspect security could be a bit 'lax'.

John

grumble · ‎14-02-2025

I'll have to slightly disagree. The most basic 2FA uses texting to supply a code (numeric or alphanumeric) using the mobile phone network. I have yet to see a 2FA which uses email for the verification code.

E-mail can be used to request a password reset link (which is quite often part of the design).

Townman · ‎14-02-2025

Again presumption that everyone has a mobile phone and everyone has a decent t signal.

There are lots of websites which use email as the vehicle for 2FA verifications. The site I ordered toner from this week sends 2FA to email.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

pvmb · ‎15-02-2025

@jab1 wrote:

What is mine then @pvmb ?

I thought you were no longer with Plusnet? (Or was that somebody else?)

But, if you are: tell me your Plusnet email address and I'll tell you your Plusnet account name.

jab1 · ‎15-02-2025

I am no longer with PN as an ISP, but I retain my membership of this forum, and my email.

Without the associated password, knowing my account name is not much use.

John