Re: [Clarification] (was: [SOLVED (magic?)])

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Clarification] (was: [SOLVED (magic?)])

From:	Yuri Khan
Subject:	Re: [Clarification] (was: [SOLVED (magic?)])
Date:	Tue, 7 Jun 2022 17:02:45 +0700

On Tue, 7 Jun 2022 at 14:16, Uwe Brauer <oub@mat.ucm.es> wrote:

>        as Tim and other pointed out, I can use, what google calls a app
>        password that I have to generate. I find this a bizarre
>        design/security decision since this password is considerably
>        shorter than my original imaps/smtps password.

I can try to explain the idea of app passwords, and then maybe they
will not seem as bizarre to you.

What we start with is a single Google account, with a single password,
and all client applications using this password. Easy to configure,
bad for security: most users will choose a weak password and store it
in many configuration points, and if it leaks or is stolen from any of
those, the whole account is compromised. The attacker can use your
master password to log in and change your password, and then you are
locked out.

On the other hand, with app passwords, each password is constrained to
a single client application. You generate a password for your email
client and it can connect with that password. If that password gets
stolen, the attacker has temporary access to your data. They cannot
change your password and lock you out. When you find out, you revoke
the leaked password and generate a new one, and then the attacker is
locked out and your account is no longer compromised.

[Prev in Thread]

Current Thread

[Next in Thread]

[SOLVED (magic?)] (was: [app password does not work (at the moment)]), (continued)
- [SOLVED (magic?)] (was: [app password does not work (at the moment)]), Uwe Brauer, 2022/06/02
  - Re: [SOLVED (magic?)], Robert Pluim, 2022/06/03
    - Re: [SOLVED (magic?)], Uwe Brauer, 2022/06/06
    - Re: [SOLVED (magic?)], Robert Pluim, 2022/06/06
  - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), Tomas Hlavaty, 2022/06/06
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), tomas, 2022/06/06
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), Tomas Hlavaty, 2022/06/06
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), tomas, 2022/06/07
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), Tomas Hlavaty, 2022/06/07
    - [Clarification] (was: [SOLVED (magic?)]), Uwe Brauer, 2022/06/07
    - Re: [Clarification] (was: [SOLVED (magic?)]), Yuri Khan <=
    - Re: [Clarification], Uwe Brauer, 2022/06/07
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), tomas, 2022/06/07
    - Re: [SOLVED (magic?)] (was: [app password does not work (at the moment)]), Richard Stallman, 2022/06/09
    - Re: [SOLVED (magic?)], Byung-Hee HWANG, 2022/06/07
    - Re: [SOLVED (magic?)], Tomas Hlavaty, 2022/06/07
    - Re: [SOLVED (magic?)], tomas, 2022/06/07
    - Re: [SOLVED (magic?)], Richard Stallman, 2022/06/09
    - Re: [SOLVED (magic?)], Eli Zaretskii, 2022/06/10
    - Re: [SOLVED (magic?)], Richard Stallman, 2022/06/11
    - Re: [SOLVED (magic?)], tomas, 2022/06/12

Prev by Date: Re: How to disable warnings about single quotes in emacs-29
Next by Date: Re: [PATCH] Add an option to not reduce vocabulary of the Japanese
Previous by thread: [Clarification] (was: [SOLVED (magic?)])
Next by thread: Re: [Clarification]
Index(es):
- Date
- Thread