Session handling in Tuta Mail

Session handling in Tuta is your key to secure and flexible access control.

Session handling enables you to revoke access to the server remotely making your account more secure.

At Tuta we focus on delivering best security and privacy solutions to millions of users around the world. We make security easy – so easy that your login password becomes your decryption key to decipher all you data. This makes your Tuta password one of the most valuable assets to protect your digital identity. To make sure no one can get hold of your encrypted data when you lose a device on which you are already logged in, Tuta offers session handling – giving you full control over your account.


Power of control

Picture this: you’re riding the tram to work and as you arrive at the office, you want to take your phone out of your pocket – as you always do. But it’s not there. Panic sets in. Your phone got stolen, including all your apps that someone could maliciously use to access your accounts. And you’ve been checking your mail on the tram so you are absolutely certain that you are still logged in on Tuta Mail. While it is highly unlikely that someone could get passed your phone security whether you secured it with a pin or with fingerprint or face ID, it’s still good to know that you remain in control of your encrypted Tuta mailbox, no matter what.

This power of control is particularly important for your email account as email holds the key to your digital identity. With lots of accounts like Amazon, PayPal, or AirBnB linked to your email address, it’s crucial to keep your email account safe from any kind of malicious attack. This is where session handling comes in.

What is session handling?

When you login to a service, a session with the server is created that lets you access the data on this service for as long as the session is active.

Your open sessions grant access to private and sensitive information, possibly even to encrypted data, so it’s important that unauthorized people can not see or access your information. To protect your sensitive data, session handling is of crucial importance.

Session handling is the process of changing the authentication status and, thus, denying access for unauthorized parties. For instance by killing a session remotely, you can revoke access to an opened session making sure your data stays secure.

Closing sessions on the fly

Tuta Mail empowers you to monitor and manage active sessions with ease. By simply navigating to the session management tab under Settings – Login – Active Sessions, you can effortlessly view all active sessions and close them remotely as needed.

Via Active Sessions, you can easily check whether any unauthorized access attempts are taking place. With the ability to close sessions remotely, you can breathe a sigh of relief knowing that your private data remains secure, even in the event of a lost or stolen device. Whether you’re using your work PC or a friend’s phone, simply log into your Tuta Mail account and close the session associated with your lost or stolen device. It’s that simple.

In addition, if your device is lost or stolen, we recommend that you change your password and recovery key. Changing your password also has the benefit of logging out anyone immediately who might have gotten access to your account via another open session.

Active and closed sessions

Tuta is all about security, and while you can check from what IP you – or someone else – is logging in to your account, we at Tuta never see this data as it is end-to-end encrypted and only accessible from within your account. In addition, you need to manually opt-in to the storing of IP addresses to monitor sessions; this is not a default in Tuta Mail as some people prefer not to store IP addresses at all – even if encrypted.

As your IP addresses are stored end-to-end encrypted, we have zero access to this data. But if someone were able to login to your account, for instance after they gained access to your password via a phishing attempt, they could see your open and closed sessions including your IP address if this feature is activated. Please consider your personal threat model before activating the feature to monitor sessions.

Please find more information on how session handling works in Tuta in our FAQ.

Behind the scenes of Tuta’s session handling

Session handling is extremely important to make sure your email account remains safe no matter what happens. It’s easy to use, but complex underneath. Let’s take a look at how session handling works in Tuta Mail.

When a user logs into their Tuta Mail account, a session token is generated - a unique identifier that lets them access their account. Each session is encrypted and linked to the user’s device, ensuring that only authorized individuals can get into the account.

The option to remotely close sessions, enables users to instantly revoke this access to their account on any device. This adds an extra layer of security to the encryption and two-factor authentication offered to secure your Tuta login.

Take control of your digital identity with Tuta Mail

Protecting your email account, and by this also protecting your digital identity, has never been more important than in today’s interconnected world. Tuta Mail’s session handling feature puts you in charge of your account access. From monitoring active sessions to remotely closing sessions on the fly, Tuta Mail empowers you to stay one step ahead of potential threats.

So why leave your digital security to chance? Relax in the knowledge that your private data is safe and sound in Tuta.

Sign up for Tuta Mail today to enjoy the safest mailbox with quantum-resistant encryption and best login protection including two-factor authentication and session handling.

Your digital identity deserves nothing less.