Two factor login requires that you in addition to username and password also suply an additional code from an Authenticator App on your mobile phone. This provides an enhanced security since even if an attacker might be able to guess your password, they would not also be in physical posession of your mobile phone.
The Authenticator App produces one-time codes that are only valid for 30 seconds. Then a new code is displayed on the App.
There are several Apps on the market that can be used. The App must implement TOTP (Time-based One-Time Password) security tokens from RFC6238. One free App which is widely used is “Google Authenticator” which is available for both Androids and iPhones. For Windows phones you can for example use the “Authenticator” App.
To enable two factor login, you must first have an Authenticator App installed.
Then in your Authenticator App select to create a new entry.
Log in to your SecureMailbox account using the full version of SecureMailbox (i.e. not the mobile version which does not have all admin capabilities available.)
Open your “Account settings” and select the “ID control” tab. Here indicate that you have installed an Authenticator App.
Now you are required to authenticate this action by entering a control code sent to your mobile phone.
Then a QR code is shown in SecureMailbox with a “secret” that your Authenticator App needs. You can either scan the QR code, or manually type in the secret code.
To validate that the process has worked you complete the setup by entering a code from your Authenticator App in SecureMailbox.
Now you are almost done. Two-factor login is set up and ready. But, if you loose your phone with your Authenticator App you are permanently locked out from your account unless you have configured a backup phone, or printed some one-time recovery codes. Do so right away if you have not already!
You can read more about how to enable Google Authenticator on the Google help page.
NOTE: It is important that the clock on your phone is correct. The code generation is depending on an accurate time.
Legally correct communication, what does that mean?
SecureMailbox is the first service that has been implemented according to the new possibilities to handle all collaboration legally correct in an App. By combining encryption, storage, strong sender authentication of the receiver as well as laws in the right way, the service can help any user or 3rd party App developer to handle classified data, bank secrecy, patient data and personal privacy laws all over the world. The service is operating out of Sweden (under Swedish laws) where the constitution provides one of the strongest legal protections in the world of personal privacy.
Which browsers are supported?
SecureMailbox supports the two last major versions of the largest browsers on the market (IE, Safari, Chrome, Firefox). Today we have stable users on:
– Chrome 4x, 5 and later – Firefox 4x, 5 and later – Internet Explorer 10 and later (IE9 limited functionality. Please do NOT use the unsecure IE8! If you have an old PC than can not upgrade IE, please install either Firefox or Chrome instead.) – Safari 9x, 10 and later
On iPhone/iOS, Android phones and touch pads, the Mobile specific edition of SecureMailbox is only supported on Safari and Chrome. Other mobile browsers are not supported but may work using the non-mobile version of SecureMailbox.
How do I license GDPR Organizer?
With GDPR Organizer, you can ensure that all affected by your business receive protection of communications and personal data, in accordance with current data protection laws, with built-in privacy. GDPR Organizer is available on an annual subscription plan. Every GDPR Organizer user get the SecureAppbox authentication service, small “appbox” storage, limited upload encryption capacity.
Amount of Users
SecureAppbox Organizer per year
An Organizer user, is a user that have accepted the invitation (through strong authentication) to use a SecureAppbox application including the functionality that we've built into the SecureAppbox cloud. This can be any type of SecureMailbox user, any user that use an application storing data within SecureAppbox or a user that sign into their App or Web application with SecureAppbox credentials.
You can add and remove users as your organization changes. We'll make sure you are charged for the right user tier based on your organization and sponsored accounts.
Security Audit and GDPR Seal
The requirements for this security audit have been assembled to address a combination of common technical issues in evaluating a cloud service. In particular concerns addressed relate to topics brought forward by personal data and patient data privacy legislation such as the EU Data Protection Directive (officially Directive 95/46/EC), the Swedish Personal Data Act (PUL) and Patient Data Act (PDL). In addition, general requirements for security and accessibility were also added.
SecureAppbox is one of the first secure cloud service that has been awarded a Privasee SEAL for EU’s new General Data Protection Regulation (GDPR) and the ISO/IEC 29100 privacy framework. SecureAppbox was awarded the SEAL for demonstrating compliance with Privacy by Design principles and the new EU regulation, due to replace national data protection laws in all EU member states.
How does the Appbox GDPR API work?
Under the "APPBOX" tab, you are able to generate an API key to use to connect your application or service. This allows developers to use ready-made features in SecureAppbox which otherwise takes a long time to develop. For example, registration and strong user authentication as well as protection of app data under data protection laws. Additionally, it's easy to connect applications with SecureMailbox GDPR Messenger for secure distribution of results or analysis before being forwarded to anyone with a secured security
Can anyone use SecureMailbox?
Yes, the only thing you need is a valid e-mail address and a mobile phone that can receive text messages (with security access codes). Possibly you might need to update/change your browser. See the FAQ section “Which browsers are supported?”. No other software downloads or technical knowledge are required. SecureMailbox offers free secure communication for all e-mail users around the world, where you only pay if you want to use add-on options or upgrade to our premium services.
The e-mail address you use must exist and not bounce (refuse) notifications sent to it.