On Fri, 29 Apr 2022, Jaroslaw Rafa via mailop wrote:

On 29.04.2022 at 12:08:13, Andrew C Aitchison via mailop wrote:
You wouldn't want to give anybody - be it Google or anybody else - login
credentials to your email account, would you?

In many organisations it is worse than that.
With single-sign-on it gives Google etc. access to the user's
desktop, files and compute resources.

Hm... if you use Google for single sign-on, it doesn't give Google access to
the user's resources. You are only asking Google for authentication (instead of
for example your local AD domain controller), but this itself doesn't provide
Google a way to access your local resources (unless you separately configure
such a way). It works the opposite way - with Google SSO, your local apps
are able to access data kept in your Google account, but not the other way.

Of course another thing is when you keep everything "in the cloud" - as many
organizations do - and users' files are stored on Google Drive and not
locally. Then of course Google has access to them regardless of whether you
use SSO or not.

I meant that if the organisation uses SSO, or at least the same password, for email and other institutional access, then by letting a third party use POP to collect your mail into their user-agent, you are giving them the keys to everything in the organisation (that the user may access).

--
Andrew C. Aitchison                                     Kendal, UK
                        and...@aitchison.me.uk