Re: [Evolution] unable to save read port

From: Pete Biggs <pete biggs org uk>
To: evolution-list gnome org
Subject: Re: [Evolution] unable to save read port
Date: Mon, 04 Jul 2022 10:04:49 +0100

On Mon, 2022-07-04 at 10:45 +0200, Jaroslaw Rafa via evolution-list
wrote:

Dnia  4.07.2022 o godz. 00:06:14 Richard pisze:


I believe that when using 3rd-party email clients Yahoo now requires
that you either set up and use a yahoo "app password", or OAuth 2. I
don't think that using the yahoo site-password will work any longer
with a 3rd-party mail client.


So they basically did the same thing as Google?
I wonder if this really "improves security" as they claim.
If you log in via password, you don't have to store the password in your
email client; you will then have to type it everytime you launch your mail
client (it is what I'm always doing).
Both with OAuth2 and with app password, some form of credential must be
stored in your mail client: OAuth2 token because it just works this way, and
app password because it's random and impossible to remember.
So this is actually *less* secure if someone gains access to your computer
(or a mobile device, which can be a pretty real scenario if it gets stolen)
- they can then access your email without any password whatsoever...


By far the most prevalent form of email "hacking" is phishing. Both App
Passwords and OAuth2 (and also MFA) dissociate your password from being
the only thing necessary to gain access to your email.  In that way,
they are a significant increase in overall mail security.

If you are concerned that an unauthorised person may get access to your
computer and access emails that way then you absolutely MUST encrypt
things. Filesystem encryption is a must for all portable devices; if
your desktop is vulnerable or contains sensitive information then that
too should be encrypted.  On top of this your keystore, where Evolution
stores passwords and tokens, is by default securely encrypted, but is
unlocked when you login - you can change that so that you only unlock
it when an application needs to use the contents.

So yes, it really does improve security.

P.

Follow-Ups:
- Re: [Evolution] unable to save read port
  - From: Jaroslaw Rafa

References:
- [Evolution] unable to save read port
  - From: Kevin T
- Re: [Evolution] unable to save read port
  - From: Pete Biggs
- Re: [Evolution] unable to save read port
  - From: Kevin T
- Re: [Evolution] unable to save read port
  - From: Richard
- Re: [Evolution] unable to save read port
  - From: Jaroslaw Rafa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]