I think that report shows that storing your decryptable password
in any big cloud is a really bad idea. They get hacked because they
are one big juicy target and then  has access to hundreds of millions
of passwords. It's not just a bad idea for users, it's - as the
document points out - a national threat at this point.

Scott

On Tuesday, 07/01/2025 at 12:17 Louis via mailop wrote:

> Nobody sane does that in 2025

Not for their own users' passwords, no. But if a user has to provide
secrets that you have to use server-side, then yes. And you'll find
that this happens much more often than you're thinking. The problem
here of course is that the secret isn't easily revocable and that
users may have reused this secret across services. This doesn't apply
to me because of the ASP enforcement, but I assume your message wasn't
directed at that. The fact remains that in this case, the user wants
their emails to be on another server. If that's something you do not
want to happen, you'll have to limit IMAP/POP3 access to specific
networks. It is an open protocol that utilizes the user's actual
password as the access token, and we're stuck with it for better or
worse.

> Have you (re)read this document recently?

Nope. I did just now, and it's an interesting read! Really shows the
importance of key rotation, even if you're confident a secret key
can't be leaked.

Regards,
Louis

On Tuesday 7 January 2025 at 17:27, Scott Q. via mailop wrote:
> (sorry, asking your users to share their password with GMail)?
>
> > > Andrew, either I’m not understanding or you’ve not thought
> > > this through…
> > If a customer wants a copy of all of their email to be in Gmail,
> > does it really matter if Gmail has the password to the user’s
> > account?

Does the user use the same credentials to pull messages (POP or IMAP)
and to log in to SMTP to send messages?

On 2025-01-06 18:11, Louis via mailop wrote:
> Realistically, it's the same risk as giving the user's password to any
> email client, right? Unless you implement a strict ASP policy for imap/
> pop/smtp, the user is going to be giving out their passwords to email
> clients anyway.

NO IT IS NOT! On so many counts it is not:

(1) one user device storing one set of user credentials is a much less
interesting attack target than the server/infrastructure of a service
provider holding millions of such credentials

(2) conversely, the security applied to the server/infrastructure is
most likely light years ahead of the average user's client device

(3) not all email clients operated on users' devices are the same.
Some do stupid things such as saving credentials in plain text. Others
do other stupid things such as copying credentials to their owner's
cloud

(4) you can't control the customer, whether they use Gmail or some local
client, but you can certainly control your infrastructure, and the risk is
totally different based on how you set up credentials for your own
customers.

Reading this mailing list, sometimes I wonder about best practices...

Yuv
--
Ontario-licensed lawyer

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
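One way to implement the ASP enforcement Louis refers to, as an added example that is not part of this thread: the IMAP/POP3 front end accepts only per-client random app-specific passwords, stored as salted hashes, so the account's primary password is never handed to Gmail or any other client, and a leaked ASP can be revoked on its own. The in-memory store, function names and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

# Constructed in-memory store (hypothetical): account -> {asp_id: record}.
# Only a salted PBKDF2 hash of each ASP is kept; the ASP itself is shown
# to the user once and never stored, so a database leak yields no
# reusable credentials.
ASP_STORE: Dict[str, Dict[str, dict]] = {}

PBKDF2_ROUNDS = 200_000  # assumption: tune for your hardware


def _derive(asp: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", asp.encode(), salt, PBKDF2_ROUNDS)


def issue_asp(account: str, label: str) -> str:
    """Mint one random app-specific password for one client (e.g. a Gmail
    import job). It is unrelated to the account's primary password."""
    asp_id = secrets.token_hex(4)            # public lookup handle
    asp = secrets.token_urlsafe(18)          # ~144 bits of entropy
    salt = os.urandom(16)
    ASP_STORE.setdefault(account, {})[asp_id] = {
        "label": label, "salt": salt, "hash": _derive(asp, salt)}
    return f"{asp_id}-{asp}"                 # handed to the user once


def verify_imap_login(account: str, presented: str) -> Optional[str]:
    """IMAP/POP3 front end: accept only a valid ASP. The primary password is
    never consulted here, so handing it to a third party gains nothing.
    Returns the ASP's label on success, None otherwise."""
    asp_id, sep, asp = presented.partition("-")
    if not sep:
        return None
    rec = ASP_STORE.get(account, {}).get(asp_id)
    if rec is None:
        return None
    if hmac.compare_digest(rec["hash"], _derive(asp, rec["salt"])):
        return rec["label"]
    return None


def revoke_asp(account: str, label: str) -> int:
    """Revoke every ASP issued under a label; other clients and the primary
    password are untouched. Returns the number of ASPs removed."""
    entries = ASP_STORE.get(account, {})
    doomed = [i for i, r in entries.items() if r["label"] == label]
    for i in doomed:
        del entries[i]
    return len(doomed)
```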