On Mon, 2022-07-04 at 10:45 +0200, Jaroslaw Rafa via evolution-list wrote:
> On 4.07.2022 at 00:06:14, Richard wrote:
> >
> > I believe that when using 3rd-party email clients Yahoo now requires
> > that you either set up and use a yahoo "app password", or OAuth 2. I
> > don't think that using the yahoo site-password will work any longer
> > with a 3rd-party mail client.
>
> So they basically did the same thing as Google?
> I wonder if this really "improves security" as they claim.
> If you log in via password, you don't have to store the password in your
> email client; you will then have to type it every time you launch your mail
> client (it is what I'm always doing).
> Both with OAuth2 and with app password, some form of credential must be
> stored in your mail client: OAuth2 token because it just works this way, and
> app password because it's random and impossible to remember.
> So this is actually *less* secure if someone gains access to your computer
> (or a mobile device, which can be a pretty real scenario if it gets stolen)
> - they can then access your email without any password whatsoever...

By far the most prevalent form of email "hacking" is phishing. Both App
Passwords and OAuth2 (and also MFA) dissociate your password from being
the only thing necessary to gain access to your email. In that way, they
are a significant increase in overall mail security.

If you are concerned that an unauthorised person may get access to your
computer and access emails that way then you absolutely MUST encrypt
things. Filesystem encryption is a must for all portable devices; if
your desktop is vulnerable or contains sensitive information then that
too should be encrypted. On top of this your keystore, where Evolution
stores passwords and tokens, is by default securely encrypted, but is
unlocked when you log in - you can change that so that you only unlock it
when an application needs to use the contents.

So yes, it really does improve security.

P.