Greater Email Security with Two-Factor Authentication and App Passwords

OpenSRS Hosted Email enables our domain resellers to offer custom email addresses to their clients. What sells most people on our Email solution is that it’s easy for resellers to manage, totally brandable, compatible with all major email clients, and very affordable compared to other options in the marketplace. It’s also a highly secure solution.

Email Security Matters

Given that most of us have a single email address linked to multiple online accounts, keeping our email account secure should be top of mind. OpenSRS employs best practices to protect our users’ accounts: we have a simple yet strong password recovery process, our resellers can adjust password strength requirements for their users, and account holders have their password strength evaluated during resets. But much of the onus of preventing unauthorized access falls to the end-user. We’ve just added two free, easy-to-enable features to enhance your end-users’ account security: two-factor auth sign-in and app passwords.

Two-Factor Authentication

Often shortened to 2FA, two-factor authentication has been implemented by service providers like Google and adopted by a growing percentage of their end-users. As its name would imply, two-factor authentication requires an account holder to provide a secondary means of verification in addition to a password during the sign-in process.

Most commonly, users provide a secondary code sent via SMS to their phone or one generated by an app, like Google Authenticator or 1Password, accessible through the user’s smartphone or other personal device. The benefit, of course, is that were someone to get ahold of a user’s password, they still cannot access the email account without also having the user’s mobile phone in hand.

We’ve made both the SMS and app options available.

App Passwords

Your end-users might be less familiar with app passwords, but many will be grateful for the introduction — they’re a pretty nifty feature.

Most people access their email account from a few different places, including their smartphone app and desktop client. Hosted Email end-users can now generate a secondary password to be used when signing in through apps like Outlook, Apple Mail, and Thunderbird. Once an app password is created, the main account password can only be used when signing in through the webmail portal.

Having a separate password for apps presents a couple security benefits. Should the app password or the smartphone itself fall into the wrong hands, the main account password is still secure. The user would simply need to head to their webmail portal and reset the compromised app password to ensure that the email account is no longer accessible through the lost device. Also, app passwords are particularly helpful for users who want an additional level of security but are using an email client app that doesn’t support 2FA.

Setting up 2FA and App Passwords for Hosted Email

Steps for Resellers

You can enable 2FA and App passwords from the Mail Admin Console or via the Hosted Email API. You’ll find step-by-step instructions in our Knowledgebase.

Educating End-Users on 2FA and App Passwords

We’ve created concise end-user quickstart guides in the form of Google Slides, which explain how an account holder can set up 2FA and create app passwords once the features have been enabled by their reseller. Simply select File > Download as and select your preferred format to rebrand the content for distribution to your customers.

Step-by-step end-user instructions for 2FA and app password enablement can also be found in our Knowledgebase.

Curious about OpenSRS Hosted Email?

Most people who own a website want an email address to go with it, so offering your customers email service alongside domain names can be very profitable. Outsourcing your email service can save you a ton of money, and OpenSRS Hosted Email lets you reduce your costs without forfeiting any of the administrative control. If you’d like to learn more, please, get in touch with us!