Harden Your Mailfence Account
Mailfence offers a secure and private collaborative suite, and all user accounts are protected through standard security and privacy measures (check our high-level security analysis for more information). However, as ever with any other digital system, we are engaged in a race against cyber pirates. Unfortunately, the weakest link in the security chain is people. That’s why you can take the following steps to harden your Mailfence account and stay on the safe side.
Use a unique and strong password
It takes less than one second for a hacker to crack the password “qazwsxedc, and of course, it will take him even less time to guess a simpler password such as “111111”. This is all the more annoying because reports still find compromised passwords as a leading contributor of successful attacks.
That’s why it’s crucial to harden your Mailfence account with a strong and unique password. Even better, use a passphrase, a random sequence of words constituting an easy sentence to remember (feel free to check our password best practices).
Is your Mailfence password not strong enough to protect your account? Don’t worry, you can easily reset your password.
Enable Two-factor authentication (2FA)
Two-factor authentication (2FA) hardens your Mailfence account by adding an extra security step (in addition to the password).
This additional step is designed to confirm that you are the actual Mailfence account user. It’s usually done by requesting you to type a code you would have received in a text message or through an authenticator app on your mobile phone. Alternatively, you could also be asked to provide your fingerprints on touch devices. If someone steals your password, they will not be able to access your account without the second authentication.
To set up 2FA on your Mailfence account, you will need to install any Time-based One-Time Password (TOTP) based application on your smartphone. It will generate a code for only a short period of time. The code will then automatically be replaced by another one, then another one, and another one…
Do not forget to generate backup codes, which allow you to regain access to your account if you lose access to your TOTP app.
Disable access to services which are not in use
Mailfence can be accessed through external clients. But these are all possible entry points for intruders who might try to break into your accounts to steal your data.
That’s why it’s important to review them regularly to disable the ones you don’t use any more. This way, you will make them inaccessible to these intruders.
To disable any of these services which are not in use any more, follow these steps :
Go into your account Settings -> Account -> Security: Services access.
You will also be asked to take this step after enabling TFA if all your non-web services are enabled.
This will harden your Mailfence account by reducing its attack surface. Consequently, any connection attempt using a service that is disabled will be refused.
Use service specific passwords to strengthen your Mailfence account
Are you using any non-web service i.e., SMTP, IMAP, POP, EAS, xDAV, or instant messaging for groups? Then it is highly recommended to access them using a different password from your account web access.
This is the next logical step you should take after enabling 2FA for web access to harden your Mailfence account. You’ll extend the level of security on other/non-web services in use.
We recommend you to generate and use service specific passwords, even if you do not enable 2FA.
To do so, follow these steps :
Go to your account Settings -> Account -> Security: Services access (section) -> click on ‘Generate a specific password for this service’.
Click on ‘Generate’.
From this point onward, the selected service WILL NOT be accessible using the account (web) password.
You can stop using a service specific password at any time by clicking on ‘Revoke’ [Settings -> Account -> Security: Services access (section)].
Take necessary measures for Groups
Mailfence offers group functionality for collaboration among different users.
Following are some measures that you can take to strengthen the security and privacy of your Group :
- Since you can also use Group functionality for more personal storage, make sure to only add group members if desired.
- Please be aware that in a shared mailbox, all of your sender address(es) will be visible (including alias sender addresses) to Group members with whom you have shared your mailbox. This feature should be used in trusted circles only.
- Make sure to keep your calendar events invisible to groups members (unless you specifically want to let them see the events). This can be managed for each calendar event by changing the visibility (-> Visibility: Choose ‘Invisible’).
- Depending on your requirements, make sure to set access rights for group tools i.e., documents, calendars, contacts, to the minimum.
- To avoid exposing your presence in Group chat, you can always set your status to ‘Offline’.
Additional tips to harden your Mailfence account
- Keep an eye on your last web connection details. Any unidentified information here (e.g., suspicious date & timestamp and/or IP address & country) can indicate a possible compromise. Your account may have been hacked? Follow our steps to limit the damage as much as possible.
- To avoid any tracking and other related issues, we recommend setting your email reading/viewing mode to ‘Text only’ (Settings -> Messages -> General: Display mode).
- Your account First/Last name (provided at registration time) is used as a Display name for all sender addresses (including alias addresses). Your name also appears as the owner name of files you own (visible to other Group members). You can always change your display name if needed.
- Please be aware that your account username is visible in public page URLs (i.e., document public page, calendar public page).
In addition to all these measures to strengthen your Mailfence account, we encourage you to follow good security and privacy practices.
Not a Mailfence user yet?
Mailfence is a secure and private email suite with a calendar, polls and groups management, a chat service, contact management software, and a document storage and management tool. To protect your account against unwanted intrusions and breaches, it uses end-to-end encryption, digital signatures and 2FA.
The collaborative tools are intuitive and easy to use. Very quickly, you’ll not be able to do without them! You’ll even wonder how you could live without them for so long!
Want to give it a try? Check out our free plan now!
Share This Article
Salman works as an Information security analyst for Mailfence. His areas of interests include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem