From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Yuri Khan Newsgroups: gmane.emacs.devel Subject: Re: [Clarification] (was: [SOLVED (magic?)]) Date: Tue, 7 Jun 2022 17:02:45 +0700 Message-ID: References: <87mtfs2ev9.fsf@gmail.com> <874k20vuy4.fsf@mat.ucm.es> <87ilqf2j92.fsf@gmail.com> <87a6bpsxxk.fsf@mat.ucm.es> <874k1x7qkw.fsf@gmail.com> <875yljjdvg.fsf_-_@mat.ucm.es> <87pmjrgjpy.fsf_-_@mat.ucm.es> <87r141wrip.fsf@logand.com> <87r141twgw.fsf@logand.com> <87o7z5t3yv.fsf@logand.com> <87zgiphrui.fsf_-_@mat.ucm.es> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="40123"; mail-complaints-to="usenet@ciao.gmane.io" To: Emacs developers Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Jun 07 12:40:50 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nyWdm-000ABc-Bq for ged-emacs-devel@m.gmane-mx.org; Tue, 07 Jun 2022 12:40:50 +0200 Original-Received: from localhost ([::1]:53184 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nyWdk-0008Cx-S1 for ged-emacs-devel@m.gmane-mx.org; Tue, 07 Jun 2022 06:40:48 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37572) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nyW3E-0007sC-Ch for emacs-devel@gnu.org; Tue, 07 Jun 2022 06:03:07 -0400 Original-Received: from mail-yb1-xb30.google.com ([2607:f8b0:4864:20::b30]:44906) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nyW38-0005uZ-SI for emacs-devel@gnu.org; Tue, 07 Jun 2022 06:03:04 -0400 Original-Received: by mail-yb1-xb30.google.com with SMTP id y188so802353ybe.11 for ; Tue, 07 Jun 2022 03:02:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=j1BZLHBbdschGjiox9qnc3fsOowKl9RcHpSOXeQJBxg=; b=lY3hDEibPG9rG4/6wgHnd/0xJjaUWljxqJLYPClbYEma1njnXhT9faZk11RF2HK6qP uR38lO0Sl5FBx+Q42hsDKwFu2DwBIrM9QtbjK7vu1L72mfI041Kn9m8WqaUEiNlY2jpB UY8lvOZ8+zKLJsd8X4fU8Pf9hf4/LdvzRqV6y2L0BXaFOwh5Fxh4UQZFB2OHx+CIf47B IzVu7aMlu5SwGRV69T+3D4eWnyhKHP6oQEDT+rSueXSdihk0Gd3qM7hjiuez+rKF63TH yc2+afAjZPNrRGqVk9aYGReBEqVKRHhXKozCTTfDxAdSA5M6gB70uVJNNazkTgigwzEB dFNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=j1BZLHBbdschGjiox9qnc3fsOowKl9RcHpSOXeQJBxg=; b=lIASYDVDJWP5EAHHzqWM//cxsqPZB6Cx2VTgQw4r/Z/mhPXm2/+6e6KaFJf4hSRxXu yM2sdOILnpGIq7335MGJ7TztpF37jAfYGO8q1yE47nPf1DsyyqBR+ROeRrCdtcHQubGO 1K77xUaG5R4wr4rfK/oQ8jIem58JwiDavRfQ9/lGOw6btGmonzYsRSg/ETMOvOtvNrKE uS3dekSIuzVclE+/qFv2C5lRi2+OqFxqwm2min7l27j8oYB4xWJ5dzzIomH5UZ/oU9Sk 32Rxm4fj1iW8kGjQQ6jTUkAN8uSY/oLN/hQ/Qj+JAgtT6Rv6nyJDRNoAlpbWJahiB7hR ScVQ== X-Gm-Message-State: AOAM533QJbD4NfzkejrPJIVcYXK0aVfLbYiZYuu/c/8O6uoJ55vNSJEM v3ehCv3VAK4O4cAwqj8HNv52BeqwMEGr639GU69nFiWE X-Google-Smtp-Source: ABdhPJzZ5VQyyg2rnewSMxuSDC682h/DTah+fDQ7+OXtG67p+BibhAU3QRR5hv8MzG2Meh7FtHbkng/gPIjy9uL0cD0= X-Received: by 2002:a25:6b47:0:b0:65c:baf6:3924 with SMTP id o7-20020a256b47000000b0065cbaf63924mr29329466ybm.485.1654596176504; Tue, 07 Jun 2022 03:02:56 -0700 (PDT) In-Reply-To: <87zgiphrui.fsf_-_@mat.ucm.es> Received-SPF: pass client-ip=2607:f8b0:4864:20::b30; envelope-from=yurivkhan@gmail.com; helo=mail-yb1-xb30.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:290840 Archived-At: On Tue, 7 Jun 2022 at 14:16, Uwe Brauer wrote: > as Tim and other pointed out, I can use, what google calls a app > password that I have to generate. I find this a bizarre > design/security decision since this password is considerably > shorter than my original imaps/smtps password. I can try to explain the idea of app passwords, and then maybe they will not seem as bizarre to you. What we start with is a single Google account, with a single password, and all client applications using this password. Easy to configure, bad for security: most users will choose a weak password and store it in many configuration points, and if it leaks or is stolen from any of those, the whole account is compromised. The attacker can use your master password to log in and change your password, and then you are locked out. On the other hand, with app passwords, each password is constrained to a single client application. You generate a password for your email client and it can connect with that password. If that password gets stolen, the attacker has temporary access to your data. They cannot change your password and lock you out. When you find out, you revoke the leaked password and generate a new one, and then the attacker is locked out and your account is no longer compromised.