Category Archives: Complaints

Fastmail not taking security seriously?

About three years ago I figured I’d had enough Google-control of my online communication and was looking for an alternative email-provider. A friend of mine recommended Fastmail, which seemed like a good solution: Great web-interface, Android app, and the possibility of using an address from my own domain.

I signed up and have been using Fastmail since (with a redirect from my Gmail-address). The service has had some small issues (mainly the Android app being anything but “fast”), but overall I’ve been a happy customer.

Yesterday I figured out that I wanted to test 1Password, moving away from LastPass after the recent security issues. In this process I decided to use the “generate password” functionality in 1Password to set a new, strong password for my Fastmail account. Before I did that I made sure to set the “Account Recovery” email and phone number, so that if I made an error I would still be able to access my email.

And I was right. Indeed I made an error. I copied the generated password from 1Password and pasted it into the change password dialog on Fastmail. This logged me out, and then I managed to copy something else, removing the password from my clipboard. Then I managed to do something stupid in the 1Password app, and my generated, 30-character, completely random, password was lost. I had managed to lock myself out of my email-account! Stupid! But hey, I have a recovery-email, right?

So I headed to the “Lost password screen” and typed in my Gmail address (to which I 10 minutes before had received a confirmation mail from Fastmail).

Then I got the message:

The existing email address you entered was not for an existing user, or was for an account that has been disabled. Please try again

What?! Ok, after re-trying 5-6 times I had to open a ticket and provide a lot of information to regain access by a manual process. In the ticket I wrote:

Thanks for the verification details.
I have now set your backup email address to:
*****@gmail.com

And I’m back in. Hooray! But I’m still wondering why the recovery email I entered did not work, so I’m asking:

Wasn’t my backup email set, or were there some problems regarding this feature? I am quite sure that I set my backup email yesterday.

The reply to this confused me:

Looks like the backup email address was not set. We then set it from our end and it worked for you. Please let me know if you need any further assistance.

After some back and forth I find out why:

Did you set this address from the Password & Security screen? If that is the case, you had set the “Recovery email address”. This is currently different from the backup email. Backup email can be set from the backend only.

And the password reset can be done using the backup email address only. The recovery process through recovery email address is not yet released into production. So I am afraid it will not work as of now.

What the actual, flying, fuck? The “Password & Security screen” is a frontend for some code that does not work? It presents itself as a way of setting a recovery mail, while it actually does nothing? The situation seems to have been like this for about 8 months, as this page from July 2016 clearly states:

Add your mobile phone number(s) and backup email address to the recovery options on the Password & Security screen. If you get locked out, we can use this to help verify your identity and restore access to your account.

I did express these concerns, and the reply I got was:

I really understand your frustration. I am sorry about that. I will pass your feedback to our supervisors.

We hope to implement the recovery procedure very soon.

But who knows? If they’ve been delaying this for 8 months now, I’m not confident that this will be fixed anytime soon, and that the “Password & Security screen” will continue to be a non-functioning, misleading page that does nothing but confuse the users. If the information isn’t used, don’t give the user the impression that it will. I can understand that not everything can be implemented at once, but have the balls to admit it, don’t lie to me. And about security issues? This is talentless!

So, to recap: The “Password & Security screen” of Fastmail is a sham. The information used there is not used. In order to regain access to your account if you lose your password you have to have a “backup email”. This backup email is not the same as the “recovery email”. The backup email has to be set by Fastmail staff.

Mail to AtB – Route 22: choice of route and punctuality

The following was written after yet another delay this morning and sent to AtB, the bus company in Trondheim and the surrounding area.

Hi!

In light of the recent revelations in the media that communication between drivers and AtB is close to non-existent, and the fact that it helps no one to complain to a driver about a bus that is 15 minutes late, I have chosen to send this mail.

As a resident of Vestlia, I depend on route 22 to get to work. I have accepted that the timetable is only indicative when it comes to arrival in the city centre around 08.00 because of traffic at Grønhaugen, but there are two or three other points I would like you to look at, and do something about:

1) Punctuality: the Vestlia stop is no. 2 after the starting stop. Delays of up to 15 minutes here are, to put it plainly, completely incomprehensible. Yes, I know that delays propagate. But, and here comes the point: EVERYONE knows that there are queues in the morning. It is therefore entirely possible to plan better, adjust the timetable and put on more buses. I don't work with traffic analysis and route planning, but I hope you have someone who does!?

2) Loop via Othilienborg both up and down: If there are any route planners working for you (which I sometimes doubt), I am willing to bet that all of them live at Othilienborg. What other logical reason can there be for route 22 running as follows: city centre-Othilienborg-Vestlia-Othilienborg-city centre? That is an extra 10-minute loop for me both to and from the city centre, which, to put it mildly, is about to drive me mad! What was the problem with the previous arrangement: city centre-Vestlia-Othilienborg-city centre? Why does the bus have to go up there at 10-minute intervals?

In one of the few situations in which Norwegians talk to strangers (i.e. natural disasters, drunkenness and delays), I found out on the (heavily delayed) bus today that I am not alone in being driven up the wall by this. Several people have contacted you by mail (without getting a reply) and the Vestlia housing cooperative has also approached you (source: irritated lady on the bus).

I really hope you look at this matter again. I really want to be a bus passenger, I think public transport is smart, but surely it must be possible to start the day without feeling the irritation build up over constant delays and idiotic route choices?

On behalf of myself and my Twitter followers (who are probably not thrilled about near-daily updates on the delays of bus 22), I therefore ask you to call the route planners in to a meeting, sit down, look at the numbers and arrive at a solution that can help the Vestlia – city centre trip take less than 40 minutes on average.

With frustrated regards and a faint hope of a reply (and action!)

Atle Frenvik Sveen