Re: Strategies for protecting IMAP (e.g. MFA)
Don't use email addresses as login ;)
- - - - - - - - - - - - - - - - - - - - - - - - - - - -. F1 Outsourcing Development Sp. z o.o. Poland
t: +48 (0)12 4207 835 e: marc@f1-outsourcing.eu
He suggested we use should alias as public email? but most providers don't have aliases such as gmail.
On Sun, Nov 14, 2021 at 4:48 PM Benny Pedersen <me@junc.eu> wrote:
On 2021-11-14 09:39, Marc wrote:
Don't use email addresses as login ;)
why is this funny ?
30(?) years ago the majority of systems were using a user name to access mail. Then the 'I want to track everyone companies' made logging in with email the standard that everyone blindly followed. Now decades later the brute forcing of known passwords etc is a problem, mostly because the login is publicly known, so we have to address this with the 2FA preferably giving even more private information about the user like phone number or high school name, pet name etc.
And this is sort of funny because we had 'a simple' 2fa system where the user name and password were not publicly known. (at least to me, because scans on my servers are 99%(?) email address login attempts)
why is this funny ?
participants (3)
-
Benny Pedersen
-
Marc
-
pyh