Yubico Forum

Hi,
I started to use fastmail because it supported yubikey, but there is one big problem. Yubikey only get a second alternativ for login, it is impossible to remove the original only password login.

Hi!

Since this post was related to FastMail's authentication policy, we referred this question to the FastMail team and below is their reply:

------------------------
We believe that the Yubikey provides a secure mechanism for logging into
your account. Depending on your level of required security, you can use
either 1 factor (just the yubikey) or 2 factor (yubikey + alternate
password) to login to your account. This can be used anywhere you
believe there is a chance that your login information may be
compromised, or if you think your Yubikey might be stolen or lost.

However we still regard a users username + password as the canonical
authentication of the account. Only it can be used to setup new
alternate login methods, and obviously you have to use such a login to
register the Yubikey with your account in the first place. It should
only be used when you know you are on a trusted machine, using a Secure
Login that uses https to send and receive data via an encrypted channel.
------------------------