How to set up two-factor authentication (2FA)
Last modified on 17 June 2017 07:34 PM

Two-factor authentication, or 2FA, adds an additional layer of authentication when you log into your StartMail Account. Two-factor authentication secures your account by requiring something you know (your password) together with something you have (a code generated by an app on your phone/device).

Setting up 2FA

  1. Download an authentication app on your phone - In order to set up 2FA, you will first need to have an authenticator app on your phone/device. Examples of authenticator apps are Sophos (available on iOS and Android), FreeOTP (available on iOS and Android) and Google Authenticator (available on iOS and Android).
  2. Make sure the time on your phone/device is set correctly - We use the Time-based One-Time Password (TOTP) algorithm in our 2FA solution. This means that the clock of our system and the clock of your device must show the same time, otherwise the code you receive from your authentication app will not be accepted at setup.
  3. Set up 2FA in StartMail webmail - After logging into StartMail, click on Settings and navigate to the Account tab. In this menu, click the Set up button to enable 2FA.

 

Next, a pop-up will be shown in which you need to enter your account password.

After confirming your password, you’ll be shown a QR code, which needs to be scanned with the authenticator app on your phone/device. After scanning the QR code, your app will generate a TOTP code which will need to be entered to complete the 2FA setup.

 

 

Click Activate and you will see your 2FA deactivation code. 2FA has now been enabled for your account. Store this 2FA deactivation code safely, as it is needed in case you lose the device on which you have installed the authenticator app.

 

Your Settings > Account menu will now look like this:

When you are logged into webmail, you can always review your deactivation code by clicking on “View 2FA deactivation code”.

Logging in with 2FA enabled
When you have 2FA enabled on your account, you will need to authenticate with both your password and the 2FA token generated from the authentication app on your phone/device each time you log in to StartMail. IMAP connections do not require further authentication and will continue to require only the IMAP connection password.

Step 1: Log in using your username and password (as usual)

Step 2: Log in using your second factor

You will be shown the following screen where you have to enter the code from your authentication app, which will allow you to enter your mailbox. Alternatively, you can enter your deactivation code, which will allow you access to your mailbox as well, but will immediately also disable 2FA for your account.

Note: Authentication apps store and display both the service (StartMail) and your username. Most apps allow you to change the way it is displayed. Changing it will make it more difficult to find you. Moreover, when you set up 2FA for the second time with the same authentication app, most apps will overwrite the original record, provided it has the same service and username information. As a result, you could end up with more than one record for the same account (of which only one will be valid), which may lead to confusion.

Note: Enabling 2FA will require you to use your authentication app every time you log into webmail. If you are in an environment where the IP changes often, you may want to turn off the "Restrict Session Origin" setting, because it logs you out every time your IP changes. Please click here for more information on how to turn off the "Restrict Session Origin" setting.
