Recently we’ve been hard at work on improvements to Vivaldi accounts and the Vivaldi Community in general. In this post, we’ll bring you up to speed on the latest changes.
Two-Factor Authentication arrives for Vivaldi accounts.
First up is our implementation of Two-Factor Authentication support. With this move, we’ve taken the security of your Vivaldi account to a new level.
What is Two-Factor Authentication?
When you’re logging in somewhere, such as an online account, you’re asked to prove that you are who you claim to be, i.e., authenticate yourself. There are many ways to do that, but the different authentication (verification) methods mostly fall under the following three categories:
- Something you know. That can be a password or a PIN code.
- Something you have. Such as a physical security key or a device used for authentication.
- Something you are. Think of face recognition and fingerprint scanning.
If, to access an account, you’re asked to use more than one authentication method aka factor, it’s called multi factor authentication. With your everyday online accounts, asking for two different methods is the most common practice, so multi factor authentication is often called Two-Factor Authentication.
Logging in usually starts with the easier verification method. For example, after you’ve entered the username you type in the password. If the password is correct, you’re asked to verify yourself using an additional method. Then, you check an authenticator app on your phone and enter the relevant Time-based one-time password (TOTP) on the log-in page or connect your security key and interact with it to show that you want to log in. If that goes well, you’re granted access and can start using the service.
Requiring more than one authentication method, makes the account a lot safer as unauthorized users must put in a lot more effort to “break the locks” on your account. And unless the person has close access to your belongings and passwords, breaking the second factor is basically impossible.
How does Two-Factor Authentication work in Vivaldi?
Two-Factor Authentication in Vivaldi is not enabled by default, and does not yet include Sync – we will inform you once it is added. To start using Two-Factor Authentication with your Vivaldi Account, you need to go to your account’s profile on Vivaldi.net and enable it. You can choose from two different options.
First, you can set up app-based authentication. These are usually apps you can install on your phone. Link your Vivaldi account with the app; then, every time you log in to your Vivaldi account, you check the app for the TOTP passcode. In Vivaldi, only one authenticator app at a time can be used.
The second option is using a security key. These are physical items that you need to connect to the device you’re logging in on. Many of them look like little USB drives that you connect via a USB port to your computer or with NFC (near-field communication) on a mobile device. Sometimes the device itself can be the security key, for example, Windows Hello on computers with newer Windows operating systems. You can set up multiple security keys with your Vivaldi account and during login, use whichever key is the most convenient at the time. If you have multiple security keys, we recommend setting up at least one other for backup purposes.
And, speaking of backups, when you enable Two-Factor Authentication for your Vivaldi account, please set up more than one method. You can use multiple security keys or an authenticator app together with a physical key.
If you’re only able to add one of those methods, be sure to generate Recovery Codes. These are long codes made up of random letters that you can use, whenever your main second verification option isn’t available. For example, your phone breaks beyond repair or you lose the security key.
We generate 3 codes for your account, which you should save in a safe location. For example, print it out on paper and store it somewhere secure. Such as a safe if you have one. Each code can be used only once, so when you’ve used even just one code, it’s best to go to your account’s profile and review your Two-Factor Authentication settings. Perhaps you need to replace one of the second factors you’ve set up or temporarily disable the feature.
If you’ve enabled Two-Factor Authentication for your account, but you’re unable to use any of the setup methods, you’ve unfortunately permanently lost the account, as the Vivaldi team is not able to help you recover access.
So, this is how we are upgrading the security of your Vivaldi account. But we are also implementing some key changes to keep Vivaldi Webmail reliable and scalable.
Vivaldi Community has over 1.3 million active accounts, with new ones created every day. The vast majority are lovely, well-intentioned people, but unfortunately there are always a few bad apples trying to take advantage. And, these bad apples can cause more trouble for us and for you than you might imagine. Ignoring it is not an option.
What is Vivaldi Webmail?
Before we get into how we’re addressing the issues noted above, let’s go over the basics. What exactly is Vivaldi Webmail and is it the same as Vivaldi Mail?
Vivaldi Webmail is a free and private email service we offer to our community members to cover their personal emailing needs. You can access it via the web interface, or you can add the account to a mail client/app of your choice. Naturally, we recommend Vivaldi Mail, Vivaldi Browser’s built-in mail client.
And that should answer the second question. While Vivaldi Webmail is an email service that provides you with an email address and takes care of delivering the messages, Vivaldi Mail is a program, where you can view and manage messages from all your mail accounts.
Why is providing a free webmail service a struggle?
As hinted above, Vivaldi Webmail is constantly tested by malevolent people like spammers, scammers, phishers and others with malicious intentions. They usually get caught and blocked fairly fast, but even that is more than we’re willing to tolerate.
Unfortunately, the spammers are very cunning and often find ways to slip past the restrictions we have set up to limit spam. So, it’s a constant battle of trying to one-up the other. What’s worse, the better we manage to keep our service’s reputation, the more attractive it becomes to the spammers. You can read more about the struggles in this blog post written by our sysadmin Thomas.
What have we tried in the past?
In late 2019, we introduced a requirement for those who wanted to use Vivaldi Webmail and/or host their blog on Vivaldi.net to verify their identity via their phone. It cut down the amount of spam significantly for a couple of years, Though some spammers still managed to get through the net, things were more or less manageable. But with the latest influx, it looks like it’s time to try something new.
What are we trying now?
The good news for many is that we will retire SMS verification (and delete all numbers from our database). Those wishing to host their blog on Vivaldi.net can do that without needing to take additional steps before creating a blog. We do see some spam posts on Vivaldi.net, but unlike with emails, the spam is contained on our platform and, with a reporting system being implemented, we can manage the moderation.
From 4 May 2023, verifying your identity via a code sent to your phone will be replaced by a reputation system that grants access to Vivaldi Webmail only to users who actively take part in the community. This means that new users will not be able to use Vivaldi Webmail immediately after creating the account. They’ll have to participate in Forum discussions, interact with others on Vivaldi Social, share their browser themes, post on their blog and/or sync their browser data to collect “points”.
To guarantee the efficiency of this new method, we will not share details about which activities help to build reputation and how many points each action will give. How long it will take to get access to Vivaldi Webmail will also vary. So it’s best to just enjoy being a member of the community. Then, one day, with recognition as an active Vivaldi Community member, you’ll get access to Vivaldi Webmail.
There are two ways to know whether you can use Vivaldi Webmail. The first is to log in to your account on Vivaldi.net and check either the top section of the homepage or your profile for a link to Webmail. The second option is to try logging in on webmail.vivaldi.net. If instead of being logged in to the mailbox, you see a message “Access denied.”, you need to wait a bit longer.
What does it mean for accounts created before this update?
All accounts that already had access to Vivaldi Webmail prior to 4 May 2023 will continue to have access. No action from you is required. If you have an older account, but for one reason or another didn’t verify your phone number, you will be able to create a blog but will need to start building a reputation to use Vivaldi Webmail like all new users.
If you’re having trouble with your account or have questions, reach out to our Support team using the contact form at the end of this Help article (click on “Send us a message”).
And, last, but not least …
Community members have always been able to flag inappropriate content on our Forum and Vivaldi Social. From today, you can also let us know if a blog post on Vivaldi.net fails to meet our community standards.
To report a blog post, open it and below the content, next to the Share button, click on Report. Pick a reason you think this post is not suitable for Vivaldi.net, leave a comment and submit it. Our team will review your report and take appropriate action.
Each of these changes reflects our commitment to nurturing a vibrant Vivaldi Community and to provide a better experience overall. Your feedback will help us refine and improve, so let us know what you think in the comments below or in the Forums.