On 2017-10-06 15:18:45 (-0700), Brandon Long via mailop wrote:
> It can also aid in using say geohop stats. Ie, one easy way to try to detect hijacking is to geoloc the accessing IP, and see how close it was to the last access, or keep track of where the user is accessing from. This has obvious issues if your users travel. If a user with a phone that supports it goes somewhere else, chances are they'll access from the phone first, even if their desktop client doesn't support client-token, so you have a strong signal that they traveled somewhere else.

This paragraph sounds incredibly creepy... I'm glad I'm not one of your users!

I hope you're not stalking users like this by default, or at least allowing them to opt out?

What's the fallback authentication in case the user decides they don't like being stalked and use something like Tor? IMAP doesn't have convenient CAPTCHA support...

> Anyways, that's the reason we moved to requiring OAUTH by default, and requiring users to jump through hoops to enable "less secure apps" (ie, password based auth).

I don't consider a long random password the user can't change particularly insecure.

Most of the problems with passwords are because humans can't (or won't) pick secure (i.e.: long and unmemorable) ones and then go on to use the same bad passwords everywhere. Pesky humans!

Nothing wrong with "app passwords" though: difficult to reuse, difficult to brute-force, and easy to revoke.

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information
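The geo-velocity heuristic Brandon describes in the quoted paragraph (compare the new access's location with the last one, and treat an earlier access from the user's phone near the new location as evidence of genuine travel), written out as an added example; this is not code from the list, from Google, or from either poster. The `Access` record, the 900 km/h and 100 km thresholds and the sample coordinates are all assumptions constructed for the illustration.

```python
import math
from dataclasses import dataclass


@dataclass
class Access:
    """One authenticated access (assumed record layout, not a real API)."""
    user: str
    ts: float      # unix seconds
    lat: float     # geolocated from the accessing IP
    lon: float
    device: str    # e.g. "phone" or "desktop"


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def implied_speed_kmh(prev, cur):
    """Speed the user would have needed to get from prev to cur."""
    hours = max((cur.ts - prev.ts) / 3600.0, 1 / 3600.0)  # never divide by zero
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours


def is_suspicious(history, cur, max_kmh=900.0, nearby_km=100.0):
    """Flag cur when it implies travel faster than max_kmh since the user's
    most recent access, unless a *different* device of the same user has
    already been seen within nearby_km of the new location (the "phone got
    there first" signal). Thresholds are assumed values for the example.
    Note the caveat from the thread: users who genuinely travel, or who
    route through Tor or a VPN, will trip this; treat it as a signal to
    step up verification, not as proof of hijacking."""
    prior = [a for a in history if a.user == cur.user]
    if not prior:
        return False                      # nothing to compare against
    last = max(prior, key=lambda a: a.ts)
    if implied_speed_kmh(last, cur) <= max_kmh:
        return False                      # plausible travel
    for a in prior:
        if a.device != cur.device and \
                haversine_km(a.lat, a.lon, cur.lat, cur.lon) <= nearby_km:
            return False                  # another device already there
    return True
```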

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop