From mboxrd@z Thu Jan 1 00:00:00 1970 X-Greylist: delayed 462 seconds by postgrey-1.37 at hurricane; Fri, 20 Jul 2018 19:03:14 PDT Received: from nautica.notk.org (nautica.notk.org [91.121.71.147]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 159887ABD1 for ; Fri, 20 Jul 2018 19:03:14 -0700 (PDT) Received: by nautica.notk.org (Postfix, from userid 1001) id DA2FBC009; Sat, 21 Jul 2018 03:55:28 +0200 (CEST) Date: Sat, 21 Jul 2018 03:55:13 +0200 From: Dominique Martinet To: Karl Dahlke Cc: edbrowse-dev@edbrowse.org Subject: Re: [edbrowse-dev] Two Factor Message-ID: <20180721015513.GA18666@nautica> References: <20180620212828.eklhad@comcast.net> X-BeenThere: edbrowse-dev@edbrowse.org List-Id: Edbrowse Development List MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180620212828.eklhad@comcast.net> User-Agent: Mutt/1.5.21 (2010-09-15) Karl Dahlke wrote on Fri, Jul 20, 2018: > Chuck mentioned, off the group, that you can't access gmail through imap or pop3 unless you check a "allow less secure applications" button, and I have also experienced this. > And when I wanted to tap into my daughter's gmail by email, she too had to enable this "less secure apps" feature. > There are rumors that A) this option might go away, whence edbrowse access to gmail would go away, and > B) it relates to two-factor. > Without me doing a lot of research, can anyone explaain two-factor, and does curl support it, whence edbrowse could remain viable for gmail and other paranoid servers? > I'm guessing it's out of our hands; either curl supports it or it does not; but that's a guess. "two factor" in itself is easy and should work with edbrowse - the point is that to log in to your gmail account on the web interface, you need to enter your password, then the next page will ask you to enter the text message you received (they also do voice call or "security keys" like yubikey, the keys might not be trivial to get to work, but phone call works) in the next prompt For imap/smtp there apparently is an "application-specific" password just like fastmail is doing, once you've logged in with 2-factor they'll let you create new passwords on this page: https://myaccount.google.com/apppasswords Now... while logging in with 2-factor enabled works, I couldn't get the actual enabling from gmail, and similarily the app passwords page doesn't load either. I just get a "Your browser is not supported anymore. Please update to a more recent one."... So, a bit of a mixed feeling there. Just like fastmail if you can get someone to help or if you use a screen reader with firefox for initial setup you should be ok afterwards, but edbrowse isn't going to be independant anymore :/ -- Dominique