Strategies for protecting IMAP (e.g. MFA)
Ralph Seichter
ralph at ml.seichter.de
Sat Nov 13 22:41:44 UTC 2021
* Tyler Montney:
> Since this is getting increasingly complicated, I wanted to ask before
> going further. What do you all do? Any recommendations?
Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) passwords which are used only once (!) and kept
either in the user's brain or in an encrypted password store. Ensure
that authentication data can only be transmitted over encrypted
connections.
These measures cover a lot of ground, if the users are sufficiently
disciplined. Users are usually the weakest link.
-Ralph
More information about the dovecot
mailing list