meli
/
wasm-demo
4
Fork 0
Code Issues Pull Requests Releases Wiki Activity
wasm-demo/demo/ermis-f/imap-protocol/cur/1600095026.22623.mbox:2,S

58 lines
2.1 KiB
Plaintext
Raw Permalink Blame History

MBOX-Line: From blong at google.com Fri Sep 26 09:09:58 2014
To: imap-protocol@u.washington.edu
From: Brandon Long <blong@google.com>
Date: Fri Jun 8 12:34:53 2018
Subject: [Imap-protocol] Seeking clarity on Gmail "Access for less
secure apps" setting for non XOAuth2 access
In-Reply-To: <54255E59.6040104@earthlink.net>
References: <5400A146.4020602@mozilla.com>
<CABa8R6se2WefF4q-cFzR2qtU_5_jDL-wioPF+jPmOTdpCaJhtw@mail.gmail.com>
<54255E59.6040104@earthlink.net>
Message-ID: <CABa8R6uZaZCA+2Bb3qtyJw69xOb0WvdZ3mPRO_EFDTONiwbhiw@mail.gmail.com>
Anything that uses the user's password is generally considered 'less
secure'.
Basically, with the high prevalence of password reuse and
compromise/exfiltration/phishing/malware/etc, passwords are no longer a
sufficient method of proving account ownership. On the web, with a Turing
machine available to us and a number of signals and the fact that the user
is actually sitting physical in front of a computer, we can mostly ensure
auth, but for IMAP which may be from a service or proxy and the prevalence
of smart phones which both travel and are often NAT'd across the country,
things are much more complicated.
So, yes, please use xoauth2 or the oauth-bearer when its available (we're
just waiting on the rfc to be published at this point).
And as good a time as any to remind folks that xoauth has been deprecated
for a while now and will cease to work next year. Migrate your users now.
XOAuth2 should be supported as long as oauth-bearer since its has only
minor differences being based on an earlier draft, the tokens are all the
same.
Brandon
On Sep 26, 2014 5:36 AM, "Rick Sanders" <rfs9999@earthlink.net> wrote:
> Hi,
>
> With Gmail is XOAUTH2 the only login method that is not considered "less
> secure"?
>
> For some reason I got the impression that AUTHENTICATE PLAIN was not
> considered "less secure".
>
> Thanks
> -Rick
>
>
> --
> Rick Sanders
> rfs9999@earthlink.net
> IMAP Tools http://www.athensfbc.com/imap-tools
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman13.u.washington.edu/pipermail/imap-protocol/attachments/20140926/d887bfe2/attachment.html>
Reference in New Issue View Git Blame Copy Permalink