chr4

Devops. I've never asked for this.

Increase password entropy on developermail.io

I recently co-founded an email SaaS for developers called developermail.io, where tech-savvy people can configure their email mailboxes using git. We just released a new feature that lets you use high-entropy passwords with our services.

In this blog post I’ll quickly show you how to generate more secure passwords for your developermail.io account and mailboxes.

Increase mailbox password entropy

On developermail.io, we generate strong passwords for our users. You can now set the length of those passwords in the YAML configuration files.

To increase the length of the generated password for your mailbox, add the password_length attribute to your config.yaml:

developermail.io:
  you:
    # This will set the password length for the mailbox
    # you@developermail.io to 30 characters
    password_length: 30

Simply git push your configuration, and the changes are live!

git add config.yaml
git commit -am 'Increase password length for mailbox'
git push

Once your configuration has been pushed and updated successfully, you can trigger a password change to retrieve a new password. This can be done using a curl request. See the official documentation for details.

Change your password using the credentials for the mailbox:

curl -X POST -u "you@developermail.io" "https://developermail.io/api/mailboxes/change-password"

Alternatively, you can trigger a password change using your account login (the one you also use for git access):

curl -X POST -u you "https://developermail.io/api/mailboxes/change-password" --data '{"user": "chr4", "domain": "developermail.io"}'

You’ll receive a JSON response including your new high-entropy password:

{
  "error": false,
  "message": "Password successfully changed.",
  "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "username": "chr4@developermail.io"
}

Increase account password entropy

As your account has access to the mailbox configurations, do not forget to also adapt your account password length. The process is analogous to the one for mailboxes covered above.

First, set the account_password_length attribute to the desired length in your settings.yaml. In case you do not have a settings.yaml file in your repository, simply create it.

# This sets the password length for your account to 50
account_password_length: 50

git add settings.yaml
git commit -m 'Increase password length for account'
git push

Once the new settings are pushed (and therefore live), you can request a new password using a curl request. See the official documentation for details. Use your account credentials for this request (the same ones you use for git).

curl -X POST -u "examplecom" "https://developermail.io/api/accounts/change-password"

If you entered the correct password, you’ll receive a JSON response including your brand new, high-entropy password:

{
  "error": false,
  "message": "Password successfully changed.",
  "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "username": "examplecom"
}
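
The curl calls above print the new password to the terminal, where it ends up in scrollback. The following is an added example, not part of developermail.io's own code or documentation: it reads a change-password response in the format shown above, stores the password in a file only the owner can read, and reports whether its length matches the configured value. The function names, the destination file and the 62-character alphabet used for the entropy estimate are assumptions; the post does not state the real character set.

```python
import json
import math
import os
import sys

# Constructed sample in the response format shown above (placeholder password).
SAMPLE_RESPONSE = json.dumps({
    "error": False,
    "message": "Password successfully changed.",
    "password": "x" * 30,
    "username": "chr4@developermail.io",
})

# Assumption: passwords are drawn uniformly from 62 alphanumeric characters.
ASSUMED_ALPHABET = 62


def entropy_bits(length, alphabet_size=ASSUMED_ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def save_new_password(body, expected_length, dest):
    """Store the password from a change-password response in a 0600 file.

    The response says the password has already been changed, so the new one
    is written first; a length mismatch is reported instead of raised.
    """
    data = json.loads(body)
    if data.get("error") is not False:
        raise RuntimeError(data.get("message", "password change failed"))
    password = data["password"]
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tighten a pre-existing file
        fh.write(password + "\n")
    return {
        "username": data["username"],
        "length_ok": len(password) == expected_length,
        "entropy_bits": round(entropy_bits(len(password)), 1),
    }


if __name__ == "__main__":
    # Usage: curl ... | python3 save_pw.py 30 ~/.developermail.pw
    result = save_new_password(sys.stdin.read(), int(sys.argv[1]), sys.argv[2])
    print(result)  # summary only, never the password itself
```

A `length_ok` of `False` after a push usually means the request was sent before the new `password_length` or `account_password_length` setting went live.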