I'm glad you asked. Here's the challenge:
When I travel overseas I sometimes need to use a computer at an internet cafe to access my email via a browser. I use Google's Authenticator to generate an OTP that I use with Roundcube so I have two factor authentication. All seems secure, right? Wrong. If someone records my login credentials on the untrusted internet computer then they can use those login credentials to access my email via IMAP (i.e. Thunderbird). (It's happened before.)
Yes, I know I should use my own trusted device but in some cases that just is NOT an option.
Therefore, how can I access my email via a browser that is safe from keyloggers at internet cafes? I'm open to all ideas at this point!
What I was originally thinking was having a second copy of my mailbox that was updated every hour (from my live mailbox) and that I had a separate login to it that ONLY had rights to read/send via Roundcube (i.e. no access with IMAP clients such as Thunderbird, K9 etc).
I was thinking of using Application Specific Passwords but this doesn't solve the issue either, as once someone records my login credentials they can use them to access IMAP.
Roundcube is secure in all of this... it's IMAP that I am battling with securing...
On 05/05/2014 21:13, Professa Dementia wrote:
On 5/5/2014 1:05 PM, SIW wrote:
> That's a good point.
> If I block IMAP/SMTP access to ONE user does that mean that particular user can't use Roundcube anymore?
That is correct. If you block IMAP, then webmail will not work.
Webmail clients are just IMAP proxies. If the Roundcube you want the user to utilize is running on a specific server, then you can allow IMAP only from the IP address of that server.
However, usually when I hear an admin wanting to restrict only one user to some limited access option, it is usually a policy issue and not a technical one. Trying to employ a technical solution is usually the wrong way of doing it.
Why are you trying to limit just this one user?
Dem
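
Added example, not part of the original thread: a sketch of the per-user restriction suggested in the reply (accept IMAP logins for one account only from the webmail server's address), plus an audit of login records against that policy. The account name, addresses (documentation ranges) and the simplified log format are constructed assumptions, not taken from any real server.

```python
import ipaddress
import re

# Assumed policy: networks from which IMAP logins are accepted, per user.
# Users not listed are unrestricted. 192.0.2.10 stands in for the webmail host.
ALLOWED_NETS = {
    "travel@example.com": ["192.0.2.10/32", "127.0.0.1/32"],
}

# Constructed login records in a simplified, hypothetical log format.
SAMPLE_LOG = """\
May  5 20:01:11 mail imap-login: Login: user=<travel@example.com>, rip=192.0.2.10
May  5 20:07:42 mail imap-login: Login: user=<travel@example.com>, rip=203.0.113.77
May  5 20:09:03 mail imap-login: Login: user=<alice@example.com>, rip=198.51.100.4
May  5 20:15:30 mail imap-login: Login: user=<travel@example.com>, rip=not-an-ip
"""

LOGIN_RE = re.compile(r"imap-login: Login: user=<(?P<user>[^>]+)>, rip=(?P<rip>\S+)")


def imap_login_allowed(user, remote_ip, policy=ALLOWED_NETS):
    """Return True if this user may open an IMAP session from remote_ip."""
    nets = policy.get(user.lower())
    if nets is None:
        return True  # no restriction configured for this user
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(addr in ipaddress.ip_network(net) for net in nets)


def audit(log_text, policy=ALLOWED_NETS):
    """Return (user, remote_ip) for every login that violates the policy."""
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and not imap_login_allowed(m["user"], m["rip"], policy):
            findings.append((m["user"], m["rip"]))
    return findings


if __name__ == "__main__":
    for user, rip in audit(SAMPLE_LOG):
        print(f"IMAP login for restricted user {user} from {rip}")
```

With such a restriction in place, a password captured at the cafe is only accepted through the webmail host, where the OTP is still required.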