With this release you can now store your login credentials in the Tutanota app and secure your login credentials with Android's system keychain. This will enable you to unlock your Tutanota app with a pin or biometrics such as fingerprint.
We would like testers to pay attention to the exact steps they are taking when acivating pin/biometric unlock so that we can reproduce possible issues.
If you experience any issues, please also let us know the Android version and device model as well as types of authentication enabled for the phone at firstname.lastname@example.org.
We ask testers to make sure they have credentials (password/recovery code) for their accounts written down in case something doesn't work as expected.
Adding fingerprint/pin unlock to the apps is also a precondition for our planned offline mode release. In particular it improves security with offline mode since we are adding an additional layer of encryption for credentials. Of course, your password has always been stored encrypted on the device and you were (and still are) able to remove an active login via sessions handling in Settings.
We support three security levels for different preferences. The highest security level (biometrics only) on Android 11 and 12 makes sure that no one can extract the key even when the device is on and unlocked because the decryption is done in the hardware and protected with biometric data. This means that only you can - with the correct biometric data - decrypt your password.
We plan to also release pin and biometric unlock for the iOS app in the coming weeks.
Now that you are able to securely store your login credentials in the app, we need to remind you that it is very important that you keep your password and your recovery code in a secure place in case you ever lose or forget your password. Here you will find more details on Tutanota's highly secure password reset.
To maximize your login security, we recommend turning on two-factor authentication. Two-factor authentication means that someone trying to login to your account will need your password as well as access to the second factor, which can be an authenticator app, or a physical key.
The most secure option here is a physical key (U2F) such as a YubiKey or Nitrokey.
Recommended for further reading: Email Security Guide: 3 easy steps to keep your emails safe from hackers..