When designing the secure password reset for Tutanota, we focused on three main aspects:
A password reset lets users change their password to a new one so that they can keep accessing their online account even when they forgot their password. The standard reset feature via email is very insecure as it opens an attack vector for malicious account takeover.
A standard reset feature that sends a new password to a second email address was never an option for Tutanota for security reasons. As all your data is encrypted with the help of your login password, we cannot reset your login password in a way unencrypted services do. If we did, all data stored encrypted in your Tutanota mailbox would be lost.
If we wanted to use such a reset feature, we would have to store your login password in plain text on our servers for being able to decrypt your data and then re-encrypt it with the new password. Obviously this is completely insecure and, thus, not an option for Tutanota.
Because your Tutanota password is so important, we take utmost care that it is never accessible to anyone.
To design a secure reset feature we had to make sure
We have come up with a secure design that enables you to reset your Tutanota login credentials without giving anyone the possibility to abuse this feature.
Basically, the design is as follows: When you sign up for a new account or when you trigger the creation process of a recovery code for an existing account, Tutanota generates an additional code that encrypts your private key.
This code, just like your password, is able to decrypt your private key and, thus, your encrypted emails and contacts stored in Tutanota. That's why you - and only you - are able to reset your Tutanota password with the help of the recovery code.
For being able to reset your password, it is important that you store your recovery code separately so that you can access it in case you lose your password or your second factor.
The best way is to write the recovery code on a piece of paper and put it somewhere safe.
To reset your Tutanota mailbox, you will need 1 out of 2 (if you have not added a second factor) or 2 out of 3 (if you have added a second factor).
We strongly recommend that you activate two-factor authentication for your Tutanota mailbox. Only by using a second factor, you can make absolutely sure that no one else can access your secure Tutanota account.
To reset your password, you will need your recovery code.
You can look up the recovery code anytime in your Tutanota mailbox - but only upon entering your password.
This makes sure that no one who gains access to a logged in session of your Tutanota mailbox can look up your recovery code and reset your account.
With 2FA enabled, you will need 2 out of 3 to reset your Tutanota account.
To reset your password, you will need your second factor and your recovery code.
To reset your second factor, you will need your login password and the recovery code.
If you lose your password AND your second factor, there is no option to reset your Tutanota account for security reasons.
No comments available