This page is used for configuring various security settings for your MDaemon Webmail account.
Login History
This area displays info about the last ten times you successfully signed in to your account. It lists the OS and browser used, the IP address from which you signed in, and the time you signed in.
Registered Sign-in Credentials
This area contains the list of registered credentials for Passwordless Sign-In. Entries will appear in this list when you follow the Using Device Authentication steps below or use the New Sign-In Credential option here. To add a new sign-in credential:
1.Sign in to Webmail using https:// in the browser rather than http://.
2.Under Registered Credentials, click New Sign-In Credential.
3.On the Passwordless Sign-In Setup box, select the type of device you wish to use.
4.Enter your Current Password, and click Get Started.
5.Follow the directions that appear for choosing and verifying your device.
6.When finished, an entry will appear in the Registered Sign-in Credentials box for the credential you just added.
Although Two Factor Authentication (2FA) is the best way to secure your email account when signing in to Webmail, it cannot be used in email apps, such as an email client program you use on your computer or an email app on your phone. This is because an email app must be able to check your email and receive new messages for you in the background without you having to enter a code from your authenticator app. Therefore to help make your email apps more secure, while still protecting you account password, you can use App Passwords, which are very strong, randomly generated passwords that you can use in your email clients to sign-in to your account instead of using your account password. App Passwords can only be used in email apps, they cannot be used to sign in to your Webmail account from your browser.
App Password requirements and recommendations
In order to use App Passwords, you must have Two Factor Authentication (2FA) setup below for your account. They can only be used in email apps—they cannot be used to sign in to Webmail (to sign in to Webmail, use your account password with 2FA). Each App Password is displayed only once, when it is created. There is no way to retrieve it later, so you should be ready to enter it into your app when you create it, For best security, you should use a different App Password for each email app, and you should revoke (delete) its password whenever you stop using an app or when a device is lost or stolen that was using one. Further, each App Password lists when it was created, when it was last used, and the IP address from which it last accessed your email. If you find something suspicious about the Last Used or Last IP data, you should revoke that App Password and create a new one for your app. Last, when you change your account password, all App Passwords are automatically deleted—you cannot continue using old App Passwords.
Creating and using App Passwords
To create and use a new App Password, follow the steps below. Before you begin, you should have your email app or client ready to enter the password, because the App Password will only be displayed once while creating it.
1.Have your app or email client ready to enter your App Password.
2.Sign in to Webmail and click Options » Security.
3.Enter your account password in Current Password.
4.Click New App Password.
5.Enter the name of the app that will use this password (e.g. "Phone email app"), and click OK.
6.Copy/paste or manually enter the displayed password into your app, or paste it into a text file or write it down if necessary. If you copy the password to use later then you should delete the copy after entering it into your email client. When finished, click OK.
Password Required
Enter your Current Password here whenever changing your password, setting up a Password Recovery Email, creating an App Password, or setting up Two Factor Authentication.
Change Your Password
To change your password:
1.Enter your Current Password in the Required Password option above.
2.Enter a New Password under Change Your Password.
3.Enter the new password again in the Confirm New Password box.
4.Click Save on the toolbar above.
Passwords have some minimum security requirements. Therefore if you enter, for example, a short password with only lowercase letters, you will get an error message listing the password requirements so that you can enter another one.
Password Recovery
You can use this option to gain access to your account if you ever forget your password. To set up Password Recovery:
1.Enter your Current Password in the Required Password option above.
2.In the Recovery Email box, enter some other email address to which you have access, such as another personal or work email address.
3.Enter the same email address in the Confirm Recovery Email box.
4.Click Save on the toolbar above.
Once set, if you attempt to sign in to Webmail with an incorrect password a "forgot password?" link will appear. This link takes you to a page that asks you to confirm your password recovery email address. If you enter the correct email address, an email message will be sent with a link to a page where you can change your password.
Two Factor Authentication (2FA)
Two Factor Authentication (i.e. 2-Step Verification) can make your account more secure by requiring you to enter a verification code, authenticate with your fingerprint on your device, or use some other additional authentication method whenever you sign in to Webmail, in addition to entering your normal email address and password. When using the Google Authenticator app, for example, the verification code constantly changes and is obtained at the time of sign-in from the app installed on your phone or device. This means that even if someone manages to obtain your password they will still not be able to sign in to your Webmail account, because they will be unable to get the verification code.
Using Device Authentication
To set up device authentication, such as using a USB security key, a fingerprint reader on your phone or laptop, or the like:
1.Sign in to Webmail using https:// in the browser rather than http://.
2.Under Two Factor Authentication, click Set up Device Authentication.
3.On the Device Authentication Setup box, select the type of device you wish to use.
4.Enter your Current Password, and click Get Started.
5.Follow the directions that appear for choosing and verifying your device.
6.When finished, an entry will appear in the Registered Two Factor Auth Credentials box above, for the credential you just added.
Authenticator App
To set up Two Factor Authentication using the Google Authenticator app:
1.Install the Google Authenticator app, or a Google Authenticator compatible app, on your phone or device.
2.Sign in to Webmail using https:// in the browser rather than http://.
3.Go to the Options » Security page, and enter your Current Password under the Password Required option.
4.Under Two Factor Authentication, Click Set up Authenticator App.
5.In your authenticator app, choose Set up account and then Scan a barcode, and scan the barcode on the page.
6.If you cannot scan the barcode, click Show Secret and then enter the secret code and your email address into the app.
7.Enter the Verification Code that appears in your app, and click Verify Pairing.
Using Email Verification
To set up a secondary email address for receiving a verification code (emailed codes normally expire after 10 minutes):
1.Sign in to Webmail using https:// in the browser rather than http://.
2.Go to the Options » Security page, and enter your Current Password under the Password Required option.
3.Under Two Factor Authentication, enter a Verification Code Email address (Note: this cannot be your Webmail email address).
4.Enter the same address again under Confirm Verification Code Email.
5.Click Set up Email Verification.
6.An email containing a verification code will be sent to the email address you provided. Enter the Verification Code, and click Verify Email.
