On Thu, May 02, 2019 at 11:50:12AM +0100, Andrew C Aitchison via mailop wrote:
> With single-sign-on I need to make it easy for users not to give the
> alternate mail service (and their hackers :-) access to all the
> services I provide, along with POP retrieval.

In addition: thanks to password re-use practices, which are epidemic,
"giving provider $X a password so that they can POP email from provider
$Y" is semantically equivalent to "giving provider $X passwords to
some/most/all other accounts of other descriptions".  Even if we
presume the most scrupulous behavior by $X and its personnel --
and history shows that is often naive and dangerous -- it still
increases the exposure/risk of the password in question.

---rsk

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
