edbrowse-dev - development list for edbrowse
 help / color / mirror / Atom feed
From: Dominique Martinet <asmadeus@codewreck.org>
To: Karl Dahlke <eklhad@comcast.net>
Cc: edbrowse-dev@edbrowse.org
Subject: Re: [edbrowse-dev] Two Factor
Date: Sat, 21 Jul 2018 05:38:47 +0200	[thread overview]
Message-ID: <20180721033847.GA1649@nautica> (raw)
In-Reply-To: <20180620232406.eklhad@comcast.net>

Karl Dahlke wrote on Fri, Jul 20, 2018:
> Ok, so somehow you've made a separate imap password, how the hell is that any more secure than the password you use for your account?
> Either way an email client is sending over a password. It's just a password.
> This looks like bogus bull shit to me.

It's a bit bull shit, but the advantage is that you can (should?) have
one separate password for each computer / phone / campfire (for mail
over smoke signal!); so that if your phone gets stolen you can disable
that phone's password and create a new one.

Also, the generated password will be more complicated than "passw0rd"
(harder to guess than what most people would pick naturally) and doesn't
give access to the main web account, so when adding these three points
up it's arguably better on the grand scale - so that the password that's
very often stored in plain text in a config file like our .ebrc will
only give access to mails and not to google calendar or whatever it is
people do with their gmail account.

Can't say I can relate much to any of the arguments I just gave here,
but I can understand that they would encourage people to do this.
Now if they disable the old method though I'm not sure what we should do
though, probably will have to spend a bit of time figuring why it thinks
our browser is not supported...


      reply	other threads:[~2018-07-21  3:39 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-21  1:28 Karl Dahlke
2018-07-21  1:55 ` Dominique Martinet
2018-07-21  3:24   ` Karl Dahlke
2018-07-21  3:38     ` Dominique Martinet [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180721033847.GA1649@nautica \
    --to=asmadeus@codewreck.org \
    --cc=edbrowse-dev@edbrowse.org \
    --cc=eklhad@comcast.net \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).