TOTP allows users to use an authenticator app such as Google Authenticator or Authy for generating codes. In addition to your password, these codes are used as the second factor to login to your Tutanota account. With TOTP the codes are only valid for a short period of time so you can't run into issues in case you lost the codes.
Please be aware that when using TOTP as a second factor, your login on a mobile device is not truly 2FA-protected if the authenticator app runs on the same mobile phone. The encrypted Tutanota beta client already supports U2F, which security professionals consider as the most secure method of two-factor authentication.
While it is not a must, we strongly recommend that you add a second factor to your Tutanota account to protect your mails to the maximum. We already protect your mailbox with automatic end-to-end encryption. Once our brand-new beta client is published in a few weeks, you can add an extra layer of security to your login credentials to prevent your password from being stolen.
To make sure that you yourself do not lose access to your Tutanota account, we also recommend that you add two second factors to your encrypted mailbox. This makes sure that you are still able to login to your Tutanota account in case you lose your U2F device or access to the authenticator app.
Read also our guide on how to prevent email phishing.
Only two weeks ago, we have added two-factor authentication with a U2F device to the Tutanota beta client. Read more on this release here.
If you have missed the private beta invite that we have sent via our social media channels, simply follow us on Twitter, Facebook, Instagram, Google+ and Reddit. Next time we send out invites, you will be able to take part in this exciting development stage.
No comments available