* [edbrowse-dev] two factor, per device
@ 2018-07-21 9:44 Karl Dahlke
2018-07-21 11:20 ` Dominique Martinet
0 siblings, 1 reply; 3+ messages in thread
From: Karl Dahlke @ 2018-07-21 9:44 UTC (permalink / raw)
To: edbrowse-dev
[-- Attachment #1: Type: text/plain, Size: 918 bytes --]
I'm sorry but I still don't understand it. Maybe I am a little dense.
You get an imap password, somehow, and you claim it is per device? How is that possible?
I've seen the pop3 and imap protocols at the lowest levels.
Hell I implemented them, before curl.
There is no field for "here's the device I'm on".
There's a log in and a password, that's it!
In theory the server could glom onto your ip address, but that is not an indicator of your device; it is where you are, which public wifi etc.
There are no cookies, nothing else that would indicate device.
So again, it seems to me it's just another password, that you use for imap, and a) I don't see that it adds much security, maybe a little,
and b) I definitely don't understand how it can be per device or per application.
If password foobar gets you in to imap from mutt on your phone, it will get you in on edbrowse on your desktop.
Karl Dahlke
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edbrowse-dev] two factor, per device
2018-07-21 9:44 [edbrowse-dev] two factor, per device Karl Dahlke
@ 2018-07-21 11:20 ` Dominique Martinet
2018-07-21 12:17 ` Karl Dahlke
0 siblings, 1 reply; 3+ messages in thread
From: Dominique Martinet @ 2018-07-21 11:20 UTC (permalink / raw)
To: Karl Dahlke; +Cc: edbrowse-dev
Karl Dahlke wrote on Sat, Jul 21, 2018:
> You get an imap password, somehow, and you claim it is per device? How
> is that possible?
No, well, yes - the way they want it to work is you generate as many
password as "apps" you want to use gmail with, so it's your "job" to
generate one per device.
More to the point, when you generate such a password it's given once and
then there's no way to view it again, so unless you go find it in your
.ebrc or somewhere you wrote it down it's probably easier for most
people to make another one up when they need a second one.
I doubt they'll forbid you to log in if you use the same one for
multiple programs/devices though.
> If password foobar gets you in to imap from mutt on your phone, it
> will get you in on edbrowse on your desktop.
Right, it's just a matter of user perspective. But my arguments from the
previous mail stand: if you were a good boy and used a different
password for each device, and one of them gets stolen, it's easy to
revoke that one.
If on the other hand you want to use the same generated password for
everything then it's the same as before, like you say.
--
Dominique
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-21 12:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-21 9:44 [edbrowse-dev] two factor, per device Karl Dahlke
2018-07-21 11:20 ` Dominique Martinet
2018-07-21 12:17 ` Karl Dahlke
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).