From: Yuri Khan <yuri.v.khan@gmail.com>
To: Emacs developers <emacs-devel@gnu.org>
Subject: Re: [Clarification] (was: [SOLVED (magic?)])
Date: Tue, 7 Jun 2022 17:02:45 +0700 [thread overview]
Message-ID: <CAP_d_8UQUZ7N5FgLH_hr8iA3ZDSG87t_6PC626RSKnqwWnreuw@mail.gmail.com> (raw)
In-Reply-To: <87zgiphrui.fsf_-_@mat.ucm.es>
On Tue, 7 Jun 2022 at 14:16, Uwe Brauer <oub@mat.ucm.es> wrote:
> as Tim and other pointed out, I can use, what google calls a app
> password that I have to generate. I find this a bizarre
> design/security decision since this password is considerably
> shorter than my original imaps/smtps password.
I can try to explain the idea of app passwords, and then maybe they
will not seem as bizarre to you.
What we start with is a single Google account, with a single password,
and all client applications using this password. Easy to configure,
bad for security: most users will choose a weak password and store it
in many configuration points, and if it leaks or is stolen from any of
those, the whole account is compromised. The attacker can use your
master password to log in and change your password, and then you are
locked out.
On the other hand, with app passwords, each password is constrained to
a single client application. You generate a password for your email
client and it can connect with that password. If that password gets
stolen, the attacker has temporary access to your data. They cannot
change your password and lock you out. When you find out, you revoke
the leaked password and generate a new one, and then the attacker is
locked out and your account is no longer compromised.
next prev parent reply other threads:[~2022-06-07 10:02 UTC|newest]
Thread overview: 150+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-03 5:59 gmail+imap+smtp (oauth2) Uwe Brauer
2022-05-03 6:27 ` Jostein Kjønigsen
2022-05-03 20:44 ` Uwe Brauer
2022-05-04 7:22 ` Robert Pluim
2022-05-04 8:43 ` Tim Cross
2022-05-05 12:57 ` Uwe Brauer
2022-05-05 13:48 ` Robert Pluim
2022-05-08 14:36 ` Uwe Brauer
2022-05-08 16:00 ` Robert Pluim
2022-05-08 16:40 ` Uwe Brauer
2022-05-09 8:38 ` Robert Pluim
2022-05-10 6:29 ` Uwe Brauer
2022-05-10 8:13 ` Robert Pluim
2022-06-02 15:15 ` [app password does not work (at the moment)] (was: gmail+imap+smtp (oauth2)) Uwe Brauer
2022-06-02 15:37 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Uwe Brauer
2022-06-03 14:04 ` [SOLVED (magic?)] Robert Pluim
2022-06-06 6:49 ` Uwe Brauer
2022-06-06 7:47 ` Robert Pluim
2022-06-06 18:55 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Tomas Hlavaty
2022-06-06 19:07 ` tomas
2022-06-06 19:37 ` Tomas Hlavaty
2022-06-07 4:35 ` tomas
2022-06-07 5:52 ` Tomas Hlavaty
2022-06-07 7:09 ` [Clarification] (was: [SOLVED (magic?)]) Uwe Brauer
2022-06-07 10:02 ` Yuri Khan [this message]
2022-06-07 16:24 ` [Clarification] Uwe Brauer
2022-06-07 7:15 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) tomas
2022-06-09 22:30 ` Richard Stallman
2022-06-07 5:44 ` [SOLVED (magic?)] Byung-Hee HWANG
2022-06-07 6:04 ` Tomas Hlavaty
2022-06-07 7:14 ` tomas
2022-06-09 22:29 ` Richard Stallman
2022-06-10 7:43 ` Eli Zaretskii
2022-06-12 0:44 ` Richard Stallman
2022-06-12 5:02 ` tomas
2022-06-15 10:05 ` Richard Stallman
2022-06-09 22:30 ` Richard Stallman
2022-06-07 23:18 ` [SOLVED (magic?)] (was: [app password does not work (at the moment)]) Richard Stallman
2022-05-05 13:56 ` gmail+imap+smtp (oauth2) Tim Cross
2022-05-05 13:58 ` Filipp Gunbin
2022-05-05 20:13 ` Jorge A. Alfaro-Murillo
2022-05-05 21:44 ` Thomas Fitzsimmons
2022-05-06 0:43 ` Tim Cross
2022-05-06 8:01 ` Tomas Hlavaty
2022-05-06 9:04 ` Tim Cross
2022-05-06 11:38 ` Stefan Monnier
2022-05-06 12:02 ` tomas
2022-05-06 12:06 ` Lars Ingebrigtsen
2022-05-06 12:46 ` Stefan Monnier
2022-05-06 13:05 ` Tim Cross
2022-05-11 9:01 ` Richard Stallman
2022-05-11 9:01 ` gmail+imap+smtp (davmail) Richard Stallman
2022-05-11 9:43 ` Eric S Fraga
2022-05-13 15:08 ` Richard Stallman
2022-05-06 12:49 ` gmail+imap+smtp (oauth2) Tim Cross
2022-05-06 13:23 ` Eric S Fraga
2022-05-06 13:40 ` tomas
2022-05-06 12:34 ` Tim Cross
2022-05-06 12:34 ` Tim Cross
2022-05-06 16:49 ` Tomas Hlavaty
2022-05-06 16:41 ` Tomas Hlavaty
2022-05-06 16:38 ` Tomas Hlavaty
2022-05-06 18:55 ` Tim Cross
2022-05-06 19:57 ` Stefan Monnier
2022-05-08 23:36 ` Richard Stallman
2022-05-09 0:26 ` Tim Cross
2022-05-10 6:53 ` Tomas Hlavaty
2022-05-11 9:04 ` Richard Stallman
2022-05-11 23:38 ` Tomas Hlavaty
2022-05-12 9:16 ` Tomas Hlavaty
2022-05-12 16:51 ` Thomas Fitzsimmons
2022-05-15 23:37 ` Richard Stallman
2022-05-12 7:10 ` Tomas Hlavaty
2022-05-12 9:03 ` Tomas Hlavaty
2022-05-06 23:18 ` Richard Stallman
2022-05-06 10:30 ` Eric S Fraga
2022-05-08 23:37 ` Richard Stallman
2022-05-09 5:13 ` tomas
2022-05-09 12:25 ` Eric S Fraga
2022-05-09 23:20 ` Richard Stallman
2022-05-11 9:47 ` Eric S Fraga
2022-05-13 15:08 ` Richard Stallman
2022-05-12 10:36 ` Richard Stallman
2022-05-13 6:58 ` Eric S Fraga
2022-05-16 23:25 ` Richard Stallman
2022-05-12 14:12 ` Jorge A. Alfaro-Murillo
2022-05-13 8:57 ` Eric S Fraga
2022-05-13 18:49 ` Roland Winkler
2022-05-14 9:57 ` Eric S Fraga
2022-05-05 18:37 ` Richard Stallman
2022-05-05 19:13 ` Stefan Monnier
2022-05-05 19:52 ` Stefan Monnier
2022-05-05 20:10 ` Uwe Brauer
2022-05-06 0:32 ` Tim Cross
2022-05-06 23:18 ` Richard Stallman
2022-05-06 23:42 ` Brian Cully via Emacs development discussions.
2022-05-06 1:46 ` Ihor Radchenko
2022-05-06 23:18 ` Richard Stallman
2022-05-03 23:40 ` Richard Stallman
2022-05-04 2:05 ` Tim Cross
2022-05-04 5:13 ` tomas
2022-05-04 13:34 ` Thomas Fitzsimmons
2022-05-04 14:38 ` Stefan Monnier
2022-05-04 14:58 ` Robert Pluim
2022-05-04 14:48 ` Tim Cross
2022-05-04 15:41 ` Thomas Fitzsimmons
2022-05-05 18:37 ` Richard Stallman
2022-05-06 8:34 ` Tomas Hlavaty
2022-05-06 23:18 ` Richard Stallman
2022-05-07 3:22 ` Tim Cross
2022-05-08 23:35 ` Richard Stallman
2022-05-09 0:01 ` Tim Cross
2022-05-10 7:11 ` Tomas Hlavaty
2022-05-10 7:51 ` Tim Cross
2022-05-10 11:44 ` Tomas Hlavaty
2022-05-10 12:39 ` Tim Cross
2022-05-11 9:52 ` Eric S Fraga
2022-05-11 9:01 ` Richard Stallman
2022-05-11 9:01 ` Richard Stallman
2022-05-11 12:03 ` Tim Cross
2022-05-13 15:10 ` Richard Stallman
2022-05-11 9:01 ` Richard Stallman
2022-05-11 12:33 ` Tim Cross
2022-05-11 14:08 ` Tim Cross
2022-05-14 14:12 ` Richard Stallman
2022-05-13 15:10 ` Richard Stallman
2022-05-14 10:02 ` Eric S Fraga
2022-05-16 23:25 ` Richard Stallman
2022-05-14 21:43 ` chad
2022-05-15 5:04 ` tomas
2022-05-05 18:36 ` Richard Stallman
2022-05-06 0:37 ` Tim Cross
2022-05-04 15:35 ` Óscar Fuentes
2022-05-04 15:48 ` Robert Pluim
2022-05-04 16:01 ` Óscar Fuentes
2022-05-04 16:48 ` Tim Cross
2022-05-05 18:36 ` Richard Stallman
2022-05-05 21:34 ` Brian Cully via Emacs development discussions.
2022-05-05 22:13 ` Stefan Monnier
2022-05-06 23:18 ` Richard Stallman
2022-05-06 0:54 ` Tim Cross
2022-05-06 2:21 ` Brian Cully via Emacs development discussions.
2022-05-06 23:18 ` Richard Stallman
2022-05-06 23:19 ` Richard Stallman
2022-05-06 23:47 ` Brian Cully via Emacs development discussions.
2022-05-04 16:45 ` Tim Cross
2022-05-04 16:33 ` Tim Cross
2022-05-06 23:17 ` Richard Stallman
2022-05-04 17:01 ` Cesar Crusius
2022-05-05 1:57 ` Tim Cross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAP_d_8UQUZ7N5FgLH_hr8iA3ZDSG87t_6PC626RSKnqwWnreuw@mail.gmail.com \
--to=yuri.v.khan@gmail.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).