Is multi factor authentication practical/feasible?
gene heskett
gheskett at shentel.net
Wed Jul 6 23:29:49 UTC 2022
On 7/6/22 18:15, Michael Peddemors wrote:
> On 2022-07-06 10:17, gene heskett wrote:
>>> As far as I can see from what I tested today (mainly switching my
>>> Thunderbird from "Normal Password" to "OAuth"), Clients effectively
>>> *have* to be "also a browser" (rendering the HTML for O365's login
>>> prompts, accepting and sending user input, storing the OAuth token
>>> as a HTTP cookie) to be able to do that. SMTP remains exempt from
>>> the requirement for now, on the theory that printers and the like
>>> may want to use it, and not be up to implementing the new stuff.
>>> (Otherwise, MS' position can be summarized as "our clients work
>>> great, Thunderbird succeded in implementing it, if your client
>>> doesn't, go nag the vendor".)
>
>
>> And one more time we have allowed a sworn enemy to set the standard,
>> shame on us.
>
> Getting a little off topic, but yes.. I believe Dovecot also sees the
> threat for all it's users, if authentication processes are forced in a
> direction that only favours the big three.
>
> Which is why I hope it gets more open with allowing 3rd parties to
> contribute to Dovecot as plugins, that support other methods of 2FA..
>
> Sworn Enemy? Not if you have shares in your 401k/RRSP they aren't.
> These are smart business moves to consolidate the market for them,
> which in turn means stock prices go up.
>
Yes, many years ago, what little I knew about windows nt-3.51 led me to
believe it had a timer set for a random number in the 2 to 4 year category,
that deleted its main dll when the timer expired, I put the drive in a
different
machine and dug around in it after it failed in the night, and the
failure was
costing us around 5g's a day in airing the wrong commercials for our market
area. I did find a suspicious shell script, but didn't find the timer.
So time was of the essence and since it was a CBS supplied machine
I had no access to its license number so the support person refused to
supply
the now missing library and called me a pirate several times during our
conversation. To this day I may be forced to buy a windows license as part
of the sale, but the windows install will be wiped when it arrives on my
property. So I either build my own, or buy used w/o a hard drive and
sticker.
Old Dells, with linux installed have a lot of miles left in them.
So other than that, we're on the same page.
> But it will be a terrible world, if interoperability between
> independent email providers, and the big three area threatened, or if
> they are forced to 'drink the koolaid'.
>
I can't drink the koolaid, way too much sugar and I'm a DM-II for nearly 40
years.
> But it is nice to see products like Thunderbird and other supporting
> alternative means of 2FA, just like to see Dovecot support them as
> well natively, or through plugins.
Since my own net provider's mail server is dovecot, and so far it Just
Works,
I am happy but concerned because being the only game on this ball of rock
and water is BG's dream.
>
> Just my two bits..
>
Mine too. Take care and stay well, Michael Peddemors
Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/>
More information about the dovecot
mailing list