We take your account security very seriously: we want to make it easy for you to keep your email account safe.

How to change your password

  1. Log in to your account on the home page.
  2. From the menu, open the Password & Security screen.
  3. Type your existing password in the text box at the top and click the "Unlock" button.
  4. Type your new password in the "New Password" text box, then type it again in the text box next to it to make sure we've got it right. Make sure you don't use the same password anywhere else (see below for why).
  5. Click the "Change Password" button.

When you change your password, the old one can't be reused within a year.

Why it's important to not use the same password elsewhere

Your email is the key to your online world; you can reset your password at most other sites you use if you have access to your email. When you reuse your Fastmail password at other sites, you're making it much easier for attackers to potentially break in to your account. Other sites often don't have the same high security measures as Fastmail (such as compulsory HTTPS, locked-down servers, etc.), which makes them much easier for criminals to break in to. If they hold your email address and the same password that you use for Fastmail, the attacker can then access your email account and get into everything else you use online.

Using two-step verification is an excellent way to keep your account safe, even if your password is compromised.

Setting up account recovery options

In case you ever forget your password, it's useful to set up a recovery email address and phone number on the Password & Security screen. This is where account recovery information is sent if you use the account recovery tool.

Legacy contact for recovery

You may wish to add the email address of someone you trust with all your personal information in the event you become incapacitated or pass away. This should be someone who could gain access to your account through the power given to them in your will: adding their email address to your recovery options means they can gain access to your information faster, without having to provide proof of their legal power to do so.

This legacy contact information should be regularly reviewed and kept up to date.