Hello, I’m using Tutanota as my mail provider. It’s quite OK for me, but I miss some features, like the possibility to remove aliases, “+” aliases, or tasks/notes integrated with mail. I’ve started looking for alternatives and I found mailbox.org. The webmail design is not the best, but the functionality is great. It has everything I really need. But I found 3 issues that keep me from switching to mailbox.org.
- Weird 2FA system. It’s replacing the master password with a 4-digit (or letter) PIN + 6-digit OTP. After all, it’s nothing more than a normal password + 2FA, but why is my password limited to 4 characters? Is it possible or planned to change?
- No App Passwords. IMAP doesn’t support 2FA, I know that, but why don’t we have app passwords for it with limited permissions? Instead we have to use our master password.
- (connected with the 2nd) Account Recovery system. It allows you to recover your account if you are logged in on any device (you will receive an email with a reset link to your mailbox). But! Account recovery removes 2FA too. So, if someone gets access to your master password and uses it to log in via IMAP, then he/she will be able to remove 2FA easily, access our account and change account recovery options, password, etc. We will just lose our account. 2FA is useless in that case.

What do you think about it? Can Mailbox really be called secure? As far as I remember, on Tutanota, even if someone gets your recovery key, he/she will only be able to change the password, but 2FA has different recovery keys and it’s real two-step verification.