Is multi factor authentication practical/feasible?

justina colmena ~biz justina at
Sat Jul 2 15:32:21 UTC 2022

Guns are banned and there's a night guard with a Big Mag flashlight or a 
billy club walking the beat around the bank, kicking a homeless man who 
fell asleep on the sidewalk to tell him wake up or your pocket's going be 
picked clean by morning, because you've got too much money in your name for 
your own good anyways, if you've got any teeth left in your mouth or can 
afford the dentist's bill for that.

On Saturday, July 2, 2022 12:15:09 AM AKDT, Marc wrote:
>> 		I have a small client whose insurance company insists they
>> have MFA for their email to be covered under some kind of data
>> protection policy. Currently I have the client set up on a Debian box
>> for the email server coupled with roundcube for webmail. Most the users
>> just use roundcube but some also use their mobile devices to check ...
> The two factor became necessary for the big 'moron' companies 
> who decided to start using email addresses as logins so it was 
> easier to track people, because in that situation you only have 
> to try commonly used passwords or passwords used at a different 
> application.
> If you stay with an username that is not published publicly, 
> the commonly known password is still useless, since you do not 
> have the username.
> I think for a small organization you can push this 
> implementation at the insurance company. Unless of course they 
> do not think ios and windows are not secure enough to store your 
> username ;)

More information about the dovecot mailing list