We take your account security very seriously, and we want to make it easy for you to keep your email account safe.

How to change your password

  1. Go to the Settings → Password & Security screen.
  2. Click Change Password.
  3. Type your current password in the yellow box at the top of the screen and click the Unlock button.
  4. Type your new password in the New Password text box, then type it again in the Retype Your Password text box below it to make sure we've got it right. Make sure you don't use the same password anywhere else (see below for why).
  5. Click the Change Password button.

Once you change your password, the old one cannot be reused within one year.

Avoid reusing your password elsewhere

Your email is the key to your online world: if you have access to your email account, you can reset your password at most other sites you use. When you reuse your Fastmail password at other sites, you make it much easier for attackers to break into your account. Other sites often don't have the same high security measures as Fastmail (such as compulsory HTTPS, locked-down servers, etc.), which makes those sites much easier for criminals to break into. If one of those sites is broken into and it holds your email address and the same password that you use for Fastmail, the attacker can then access your email account and get into everything else you use online.

Using two-step verification is an excellent way to keep your account safe, even if your password is compromised.

Setting up account recovery options

We highly recommend that you set up a recovery email address and phone number in case you ever forget your password and need to use the account recovery tool. Your password recovery options should be regularly reviewed and kept up to date.

  1. Go to the Settings → Password & Security screen, then go to the Account Recovery section and click Manage.
  2. Type your current password in the yellow box at the top of the screen and click the Unlock button.
  3. Click the blue Add Recovery Phone or Add Recovery Email button.
  4. Type the phone number or email address you wish to use, then click the blue Send Verification Code button.
  5. A verification code will be sent to your phone number or email address. Enter this code, then click the blue Verify button. The next screen will confirm that the recovery method has been added to your account.

Legacy contact for recovery

You may wish to add the email address of someone you trust with your personal information as a recovery email address in the event you become incapacitated or pass away.

This should be someone who could gain access to your account through the power given to them in your will. Adding their email address to your account recovery options means they can gain access to your information faster, without having to provide proof of their legal power to do so.