edbrowse-dev - development list for edbrowse
 help / color / mirror / Atom feed
* [edbrowse-dev] two factor, per device
@ 2018-07-21  9:44 Karl Dahlke
  2018-07-21 11:20 ` Dominique Martinet
  0 siblings, 1 reply; 3+ messages in thread
From: Karl Dahlke @ 2018-07-21  9:44 UTC (permalink / raw)
  To: edbrowse-dev

[-- Attachment #1: Type: text/plain, Size: 918 bytes --]

I'm sorry but I still don't understand it. Maybe I am a little dense.

You get an imap password, somehow, and you claim it is per device? How is that possible?
I've seen the pop3 and imap protocols at the lowest levels.
Hell I implemented them, before curl.
There is no field for "here's the device I'm on".
There's a log in and a password, that's it!
In theory the server could glom onto your ip address, but that is not an indicator of your device; it is where you are, which public wifi etc.
There are no cookies, nothing else that would indicate device.
So again, it seems to me it's just another password, that you use for imap, and a) I don't see that it adds much security, maybe a little,
and b) I definitely don't understand how it can be per device or per application.
If password foobar gets you in to imap from mutt on your phone, it will get you in on edbrowse on your desktop.

Karl Dahlke

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [edbrowse-dev] two factor, per device
  2018-07-21  9:44 [edbrowse-dev] two factor, per device Karl Dahlke
@ 2018-07-21 11:20 ` Dominique Martinet
  2018-07-21 12:17   ` Karl Dahlke
  0 siblings, 1 reply; 3+ messages in thread
From: Dominique Martinet @ 2018-07-21 11:20 UTC (permalink / raw)
  To: Karl Dahlke; +Cc: edbrowse-dev

Karl Dahlke wrote on Sat, Jul 21, 2018:
> You get an imap password, somehow, and you claim it is per device? How
> is that possible?

No, well, yes - the way they want it to work is you generate as many
password as "apps" you want to use gmail with, so it's your "job" to
generate one per device.
More to the point, when you generate such a password it's given once and
then there's no way to view it again, so unless you go find it in your
.ebrc or somewhere you wrote it down it's probably easier for most
people to make another one up when they need a second one.
I doubt they'll forbid you to log in if you use the same one for
multiple programs/devices though.

> If password foobar gets you in to imap from mutt on your phone, it
> will get you in on edbrowse on your desktop.

Right, it's just a matter of user perspective. But my arguments from the
previous mail stand: if you were a good boy and used a different
password for each device, and one of them gets stolen, it's easy to
revoke that one.
If on the other hand you want to use the same generated password for
everything then it's the same as before, like you say.

-- 
Dominique

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [edbrowse-dev] two factor, per device
  2018-07-21 11:20 ` Dominique Martinet
@ 2018-07-21 12:17   ` Karl Dahlke
  0 siblings, 0 replies; 3+ messages in thread
From: Karl Dahlke @ 2018-07-21 12:17 UTC (permalink / raw)
  To: edbrowse-dev

[-- Attachment #1: Type: text/plain, Size: 341 bytes --]

> if you were a good boy and used a different password for each device,

Well if I have to jump through a lot of hoops, maybe ask for sighted help, to generate that password, then no, I'm not gonna be a good boy and go through that process for each device;
I'm gonna do it once and then use that same password everywhere.

Karl Dahlke

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-07-21 12:17 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-21  9:44 [edbrowse-dev] two factor, per device Karl Dahlke
2018-07-21 11:20 ` Dominique Martinet
2018-07-21 12:17   ` Karl Dahlke

edbrowse-dev - development list for edbrowse

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/edbrowse-dev

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 edbrowse-dev edbrowse-dev/ http://inbox.vuxu.org/edbrowse-dev \
		edbrowse-dev@edbrowse.org
	public-inbox-index edbrowse-dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.edbrowse.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git