Harden your Mailfence account
Mailfence offers a secure and private email suite. All user accounts are protected by standard security and privacy measures; a high-level security analysis can be found in this blogpost. However, as with any other digital system, the weakest link in the security chain is people. We actively encourage our users to follow good data security and privacy practices, and this blogpost is another step in that direction. Below you will find various steps that you can take to harden your Mailfence account security.
Use a unique and strong password to harden your account
This seems to be the most common data security advice out there, yet reports still find compromised passwords to be one of the leading contributors to successful attacks. Our advice has always been to avoid bad password habits. In your Mailfence account, you can change your account password by going to Settings -> Account -> Security: Password.
Always use a unique and strong password, or rather a PASSPHRASE: a random sequence of words forming a sentence that is easy to remember.
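To show why a random sequence of words is strong, here is an added example (not Mailfence code) that generates a passphrase with the OS CSPRNG and compares its entropy with that of a short random password; the wordlist below is a constructed sample, and the 7776-word size used in the comparison is assumed from the common diceware list length.

```python
import math
import secrets

# Constructed sample wordlist for illustration only; a real passphrase
# should draw from a large published list (assumed here: 7776 words).
SAMPLE_WORDLIST = [
    "anchor", "basil", "cobalt", "drift", "ember", "falcon", "gravel",
    "harbor", "ivory", "juniper", "kestrel", "lantern", "marble", "nectar",
    "orbit", "pebble", "quartz", "ripple", "saddle", "timber", "umber",
    "velvet", "walnut", "yonder", "zephyr",
]


def entropy_bits(choices: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly from `choices`
    equally likely options: length * log2(choices)."""
    if choices < 2 or length < 1:
        raise ValueError("need at least 2 choices and 1 symbol")
    return length * math.log2(choices)


def generate_passphrase(num_words: int, wordlist=SAMPLE_WORDLIST) -> str:
    """Pick `num_words` words uniformly at random with the OS CSPRNG
    (secrets, never the random module) and join them with spaces."""
    if num_words < 1:
        raise ValueError("num_words must be >= 1")
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


def compare_strength(num_words: int, wordlist_size: int,
                     pw_length: int, alphabet_size: int = 62) -> dict:
    """Entropy of a word passphrase vs. a random alphanumeric password
    (62 = upper + lower + digits), rounded to one decimal."""
    return {
        "passphrase_bits": round(entropy_bits(wordlist_size, num_words), 1),
        "password_bits": round(entropy_bits(alphabet_size, pw_length), 1),
    }


if __name__ == "__main__":
    print(generate_passphrase(6))
    # Six words from a 7776-word list (~77.5 bits) beat an eight-character
    # random alphanumeric password (~47.6 bits), and are far easier to recall.
    print(compare_strength(num_words=6, wordlist_size=7776, pw_length=8))
```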
Enable Two-factor authentication (TFA)
This is a very important step towards hardening your Mailfence account. You can set up TFA on your account by going to Settings -> Account -> Security: Two-factor authentication.
Do not forget to generate backup codes, which will allow you to regain access to your account in case you lose access to your TOTP app. You will find a detailed guide in this KB article.
Disable access to services which are not in use
Mailfence offers a variety of non-web services that can be accessed through external clients. You can disable any of these services that you do not use by going to Settings -> Account -> Security: Services access.
You will also be asked to take this step after enabling TFA if all of your non-web services are enabled.
This will reduce the attack surface of your account by refusing any connection attempt using a service that is disabled.
Use service specific passwords to protect your Mailfence account
If you are using any non-web service (SMTP, IMAP, POP, EAS, xDAV, or instant messaging for groups), it is highly recommended to access it with a password different from your account's web password. Do this by generating service specific passwords: go to Settings -> Account -> Security: Services access (section) and click on ‘Generate a specific password for this service’.
Click on ‘Generate’.
From this point onward, the selected service WILL NOT be accessible using your account (web) password. You can stop using a service specific password at any time by clicking on ‘Revoke’ [Settings -> Account -> Security: Services access (section)].
This is the next logical step to take after enabling TFA for web access on your Mailfence account, as it extends a level of protection to the non-web services you use. You are also free to generate and use service specific passwords even if you do not enable TFA; this alone is already a better approach to protecting your Mailfence account.
Take necessary measures for Groups
Mailfence offers group functionality for collaboration among different users. The following measures can strengthen the security and privacy of your Group.
- Since Group functionality can also be used to make the most of your subscription quota, only add group members when you actually want them.
- Please be aware that in a shared mailbox, all of your sender addresses (including alias sender addresses) will be visible to the Group members with whom you have shared your mailbox. This feature should be used in trusted circles only.
- Make sure not to expose the visibility of your calendar events to group members unintentionally. This can be managed for each calendar event by following the steps here (-> Visibility: choose ‘Invisible’).
- Depending on your requirements, set the access rights for group tools (documents, calendars, contacts) to the minimum needed.
- To avoid exposing your Presence in Group chat, you can always set your status to ‘Offline’.
Other measures to harden your Mailfence account
- Keep an eye on your last web connection details by clicking on the Mailfence logo at the top-left corner of your Mailfence account, then checking the Account section (in the right column). Any unrecognised information there (e.g., a suspicious date and timestamp and/or IP address and country) can indicate a possible compromise.
- To avoid tracking and related issues, we recommend that you set your email reading/viewing mode to ‘Text only’ (Settings -> Messages -> General: Display mode).
- Please be aware that your account First/Last name (provided at registration time) is used as the display name for all sender addresses (including alias addresses). Your name also appears as the owner name of files you own (visible to other group members). You can change your account First/Last name or an alias address display name at any time by going to Settings -> Account -> Personal data -> Edit.
- Please be aware that your account username is visible in public page URLs (e.g., a document public page or a calendar public page). If you would prefer to change your account username, please contact our support.
In case anything is not clear, or if you have questions about how to harden your Mailfence account, feel free to let us know.
Mailfence is a secure and private email suite.
– Mailfence Team