We take your account security very seriously, and we want to make it easy for you to keep your email account safe.
- You have a password which is used to access your account via the web interface or Fastmail app. If you do not use two-step verification with your Fastmail account, we strongly recommend that you set a highly secure password.
- You can have multiple two-step verification security devices, which help you keep your account secure from attackers. They can be used when logging in via the web interface and the Fastmail app. Learn how to set up two-step verification.
- Any other email client, program, or app accessing your account (e.g. mail or calendar apps on your phone, or Outlook on your computer) needs to use an app-specific password to access your data. Learn how to set up app-specific passwords.
How to change your password
- Go to the Settings → Privacy & Security screen.
- Click Change password.
- Type your current password in the Current password box.
- Type your new password in the New password box, then type it again in the Retype your password box below it to make sure we've got it right. Make sure you don't use the same password anywhere else (see below for why).
- Click the Change password button.
Once you change your password, the old one cannot be reused within one year.
Avoid reusing your password elsewhere
Your email is the key to your online world: if you have access to your email account, you can reset your password at most other sites you use. When you reuse your Fastmail password at other sites, you make it much easier for attackers to break into your account. Other sites often don't have the same high security measures as Fastmail (such as compulsory HTTPS, locked-down servers, etc.), which makes those sites much easier for criminals to break into. If another site uses your email address and the same password that you use for Fastmail, an attacker who breaks into that site can then access your email account and get into everything else you use online.
Using two-step verification is an excellent way to keep your account safe, even if your password is compromised.
Setting up account recovery options
We highly recommend that you set up a recovery email address and phone number in case you ever forget your password and need to use the account recovery tool. Your password recovery options should be regularly reviewed and kept up to date.
- Go to the Settings → Privacy & Security screen, then go to the Account recovery section and click Manage.
- Click the blue Add recovery phone or Add recovery email button.
- A Verify it's you box will appear. Enter your password and click Continue. (For more information, see our Password-protected actions help page.)
- Type the phone number or email address you wish to use, then click the blue Send verification code button.
- A verification code will be sent to your phone number or email address. Enter this code, then click the blue Verify button. The next screen will confirm that the recovery method has been added to your account.
Legacy contact for recovery
You may wish to add the email address of someone you trust with your personal information as a recovery email address in the event you become incapacitated or pass away.
This should be someone who could gain access to your account through the power given to them in your will. Adding their email address to your account recovery options means they can gain access to your information faster, without having to provide proof of their legal power to do so.