On Mon, 2022-07-04 at 11:10 +0200, Jaroslaw Rafa via evolution-list wrote:
> On 4.07.2022 at 10:04:49 Pete Biggs wrote:
> > By far the most prevalent form of email "hacking" is phishing. Both App
> > Passwords and OAuth2 (and also MFA) dissociate your password from being
> > the only thing necessary to gain access to your email. In that way,
> > they are a significant increase in overall mail security.
>
> But if you don't have MFA configured (and I assume the OP did not have,
> since if you had MFA you won't be able to login to IMAP via password only
> anyway) and someone knows your password, he can login to your email anyway
> using the web interface.

But that's the point. He couldn't login using his password, Yahoo requires an App Password or OAuth2 if you are using IMAP. Both methods need you to login via the web, which allows them to control the security rather than relying on a less secure IMAP connection.

> So what advantage in terms of security does disabling a password login via
> IMAP give if someone can still login using the same password via the web
> interface?

Because there are things happening when you login via the web that are not obvious - things like browser identity, cookies, two stage login etc. etc. They all have to be correct for you to login with just a password. If they aren't, then it will ask for the extra factor. These are things that can't be done for an IMAP connection.

But this is now way, way, off topic for this list.

P.