Password-protected actions

For your security, some screens in your Fastmail settings will require you to enter your password when you attempt to make high-impact changes to your account.

This provides an extra layer of protection so that if someone gained unauthorized access to your Fastmail account (e.g., the account was left logged in on a shared computer), they cannot perform destructive actions or access other users' data as an admin.

If you have two-factor authentication (2FA) set for your account, password-protected actions will also require your 2FA token on all untrusted devices.

When will I be asked for my password?

You can expect to be asked for your password when performing high-impact changes in your Fastmail settings, including the following actions:

  • Changing your password
  • Adding or removing a recovery method
  • Adding or removing 2FA
  • Creating or removing an app password
  • Creating or removing an API token
  • Removing a user or email address

What will it look like when I'm asked for my password?

If you are performing a high-impact change in your Fastmail settings, you can expect to see a box appear with the title "Verify it's you" asking you to confirm your password.


Will I be asked for my password every time?

You will not be prompted for your password if you have logged in to your account within the last 30 minutes, or if you have signed up for your account within the last 30 minutes.

What happened to the yellow box?

Before November 2022, we prompted users to enter their password in a yellow box at the top of the Settings → Users & Aliases and Settings → Password & Security screens:


Entering the password would unlock the page, allowing you to make high-impact changes from there.

We chose to remove the yellow box because it occupied too much space in the settings screens, and caused confusion for some customers who believed they needed to enter their password simply to view their settings. This change also allows us to include all of the authentication options we allow users to set, including 2FA, for customers who have them set in their account.

Was this article helpful?
13 out of 24 found this helpful