Is multi factor authentication practical/feasible?

Michael Peddemors michael at
Wed Jul 6 22:12:42 UTC 2022

On 2022-07-06 10:17, gene heskett wrote:
>> As far as I can see from what I tested today (mainly switching my 
>> Thunderbird from "Normal Password" to "OAuth"), Clients effectively 
>> *have* to be "also a browser" (rendering the HTML for O365's login 
>> prompts, accepting and sending user input, storing the OAuth token as 
>> a HTTP cookie) to be able to do that. SMTP remains exempt from the 
>> requirement for now, on the theory that printers and the like may want 
>> to use it, and not be up to implementing the new stuff. (Otherwise, 
>> MS' position can be summarized as "our clients work great, Thunderbird 
>> succeded in implementing it, if your client doesn't, go nag the vendor".)

> And one more time we have allowed a sworn enemy to set the standard, 
> shame on us.

Getting a little off topic, but yes.. I believe Dovecot also sees the 
threat for all it's users, if authentication processes are forced in a 
direction that only favours the big three.

Which is why I hope it gets more open with allowing 3rd parties to 
contribute to Dovecot as plugins, that support other methods of 2FA..

Sworn Enemy? Not if you have shares in your 401k/RRSP they aren't. 
These are smart business moves to consolidate the market for them, which 
in turn means stock prices go up.

But it will be a terrible world, if interoperability between independent 
email providers, and the big three area threatened, or if they are 
forced to 'drink the koolaid'.

But it is nice to see products like Thunderbird and other supporting 
alternative means of 2FA, just like to see Dovecot support them as well 
natively, or through plugins.

Just my two bits..

"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at @linuxmagic
A Wizard IT Company - For More Info
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

More information about the dovecot mailing list