FastMail - How to turn on Multi Factor Authentication (MFA)

EQ Admin

EQ Forum Admin
Staff member
Hello,

FastMail offers a variety of multi-factor authentication (MFA) options.

There is a downside. At this time, MFA can only be enabled for alternate logins. MFA cannot be associated with your primary FastMail username and password.

FastMail intends for these alternate logins to be used when you are logging into your account from a computer or network that you don't trust, such as a public wireless network.

To create an alternate login, go to your Advanced Settings and click Alternate Logins:

[Screenshots: FastMail Advanced.JPG, FastMail Alternative Logins.JPG]

Next, complete the form, including selecting your MFA option such as Google Authenticator.

[Screenshot: FastMail Alternative Login Google Authenticator.JPG]

When done, click the button at the bottom of the screen to Create Alternative Login.

If you selected Google Authenticator, you'll be prompted with a white page that includes the Google Authenticator setup directions.

To use the alternate login, go to the FastMail login screen and click More:

[Screenshots: FastMail MFA Login.JPG, FastMail MFA Login - Google Authenticator.JPG]

To log in using your alternate login, you'll need these three pieces of information:

  • Your FastMail email address
  • The Base Password created for your alternate login (not the master password)
  • Your second auth code, such as the six digits from Google Authenticator.
 

foggy

Valued Member
Just so readers are aware, FM's 2FA works slightly differently. As I understand it, whereas other services (like Gmail) employ 2FA so that one cannot log in to an account using only the master password without also inputting the second factor (e.g. code sent to phone), with FM one may still log in to the account using the master password alone. Their 2FA is truly an "alternative" login, since the main login method (the single, master password) will still be valid without a second factor. FM suggests using a very long & complex password as the master password and then using a shorter one that's easier to remember for use as part of their version of 2FA.

This, to me, doesn't seem quite as secure as the 2FA provided by other services (e.g. Gmail, Outlook) where one must have a code entered separately (in addition to the master password) to log in.
 