We take your account security very seriously: we want to make it easy for you to keep your email account safe.
- You have a password which is used to access your account via the web interface. If you use two-step verification (see below), this password can be easy to remember as it is protected by the verification device. Without two-step verification, this should be something highly secure (and as a result, probably difficult to remember),
- You can have multiple two-step verification security devices, which let you keep your account secure from attackers. They can be used when logging in via the web interface and the Fastmail app. Learn how to set up two-step verification.
- Any other program or app accessing your account (Mail, or Calendaring apps on your phone, or Outlook on your computer, for example) needs to use an app-specific password to access your data. You can restrict this to only let the app access the data it needs. Learn how to set up app-specific passwords.
How to change your password
- Log in to your account on the home page.
- From the menu, open the Password & Security screen.
- Type your existing password in the text box at the top and click the "Unlock" button.
- Type your new password in the "New Password" text box, then type it again in the text box next to it to make sure we've got it right. Make sure you don't use the same password anywhere else (see below for why).
- Click the "Change Password" button.
When you change your password, the old one can't be reused within a year.
Why it's important to not use the same password elsewhere
Your email is the key to your online world; you can reset your password at most other sites you use if you have access to your email. When you reuse your Fastmail password at other sites, you're making it much easier for attackers to potentially break in to your account. Other sites often don't have the same high security measures as Fastmail (such as compulsory HTTPS, locked-down servers, etc.), which makes them much easier for criminals to break in to. If they hold your email address and the same password that you use for Fastmail, the attacker can then access your email account and get into everything else you use online.
Using two-step verification is an excellent way to keep your account safe, even if your password is compromised.
Setting up account recovery options
In case you ever forget your password, it's useful to set up a recovery email address and phone number on the Password & Security screen. This is where account recovery information is sent if you use the account recovery tool.
Legacy contact for recovery
You may wish to add the email address of someone you trust with all your personal information in the event you become incapacitated or pass away. This should be someone who could gain access to your account through the power given to them in your will: adding their email address to your recovery options means they can gain access to your information faster, without having to provide proof of their legal power to do so.
This legacy contact information should be regularly reviewed and kept up to date.