BornDeranged
Posted November 20, 2022

Hello everybody,

since an email account is still critical as an identity "provider" for many services, I feel that it should also be secured by 2FA. In my specific case, I use a personal domain, and access to the DNS configuration is indeed via a web page that is secured with 2FA.

OTOH, my email provider only supports 2FA for web access, but not for IMAP and SMTP, since those protocols have no specific 2FA integration. They could have done the same as they did for the web page, i.e. concatenating password and a token, but they don't. So there's not much I can do except having a rather lengthy password.

So what is the best practice in this area? I can think of using a service that uses a proprietary service rather than the standard protocols (such as Microsoft or Protonmail do), but that sounds counter-intuitive to me.

How do you protect your email account?

Regards,
-Patrick

hyperreality
Posted November 20, 2022 (edited)

So your concern is that IMAP/SMTP only require a single authentication factor?

IMO this is less of a concern, since these are passwords you hardly ever use, besides typing in once to a mail provider to configure your mail client. If the password is complex, unique, and encryption is enabled, then there's little potential for that authentication method to be guessed or phished. If the provider is hacked, there's worse things they can do.

Perhaps the main threat scenario here is if your computer running the mail client gets silently hacked, and your IMAP password is stolen, allowing an attacker to undetectably siphon your email even after they've been evicted from your system.

Edited November 20, 2022 by hyperreality

BornDeranged (Author)
Posted November 21, 2022

12 hours ago, hyperreality said:

> So your concern is that IMAP/SMTP only require a single authentication factor?
>
> IMO this is less of a concern, since these are passwords you hardly ever use, besides typing in once to a mail provider to configure your mail client. If the password is complex, unique, and encryption is enabled, then there's little potential for that authentication method to be guessed or phished. If the provider is hacked, there's worse things they can do.
>
> Perhaps the main threat scenario here is if your computer running the mail client gets silently hacked, and your IMAP password is stolen, allowing an attacker to undetectably siphon your email even after they've been evicted from your system.

Yes exactly. A password is still a static item, which only needs to be leaked once in order for a breach. Any 2FA would add a dynamic item which is missing here. It strikes me as sub-optimal that my identity would be easier to hack than my user on a random website, since many of those nowadays permit at least TOTP.

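The scheme mentioned in the opening post, password and token concatenated into the single password field that IMAP and SMTP offer, sketched from the server's side. This is an added example, not part of the thread and not any provider's code; the 6-digit, 30-second TOTP parameters (RFC 6238 defaults), the PBKDF2 password hash and all names are assumptions.

```python
import hashlib, hmac, struct, time

DIGITS, STEP = 6, 30  # assumed TOTP parameters (RFC 6238 defaults)

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:  # hypothetical server-side record
    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_step = -1  # highest time step already accepted

def verify_login(acct: Account, submitted: str, now=None, window=1) -> bool:
    """Check a 'password + token' string sent in one password field."""
    now = time.time() if now is None else now
    password, token = submitted[:-DIGITS], submitted[-DIGITS:]
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    step_now = int(now) // STEP
    matched = None
    # Accept the current step and `window` neighbours to absorb clock drift.
    for step in range(step_now - window, step_now + window + 1):
        expected = totp(acct.totp_secret, step * STEP).encode()
        if hmac.compare_digest(expected, token.encode()):
            matched = step
    # A token is the dynamic item: it must be fresh and never seen before.
    if not pw_ok or matched is None or matched <= acct.last_step:
        return False
    acct.last_step = matched
    return True
```

A mail client that stores this string and reconnects on its own fails the check on its next connection, because the token part is valid for one time step only and is rejected on reuse.
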
Chauke
Posted November 21, 2022

I have seen some providers that are allowing OTP for 2FA, like Yahoo. You can use an app like FreeOTP from Red Hat. I did not try to use it with OTP but it looks promising.

https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=de&gl=US&pli=1

https://de.hilfe.yahoo.com/kb/SLN5013.html?guccounter=1&guce_referrer=aHR0cHM6Ly9ndWNlLnlhaG9vLmNvbS8&guce_referrer_sig=AQAAAAoAMj6tv269CcBQdXbQQRdCMhlGwChGFmSZ5KQYnx2AJHqHj1B6QrqPMAjFCeYHzsjSDhiF3TLNPjzv9DZs9lye_UNp943FHJu5kwXRRXW6VyFp31W__9MiZg3U9CvTS2Mc0bsWa4ddb866ddX05y5e2y6WvH7ESA86S0mSHmNJ

MilkshakesBot
Posted November 22, 2022

I use a way too long password and then an OTP password to just get into mine. However, I try to run all my email through PGP, so for 90% of my emails I also have to have the PGP key to decrypt the mail. So even if you got in you wouldn't be able to tell what a message says, just where it came from.