I'm sorry but I still don't understand it. Maybe I am a little dense.

You get an imap password, somehow, and you claim it is per device? How is that possible?
I've seen the pop3 and imap protocols at the lowest levels.
Hell I implemented them, before curl.
There is no field for "here's the device I'm on".
There's a log in and a password, that's it!
In theory the server could glom onto your ip address, but that is not an indicator of your device; it is where you are, which public wifi etc.
There are no cookies, nothing else that would indicate device.
So again, it seems to me it's just another password, that you use for imap, and a) I don't see that it adds much security, maybe a little,
and b) I definitely don't understand how it can be per device or per application.
If password foobar gets you in to imap from mutt on your phone, it will get you in on edbrowse on your desktop.

Karl Dahlke