Strategies for protecting IMAP (e.g. MFA)

Tyler Montney montneytyler at gmail.com
Sat Nov 13 23:03:16 UTC 2021


"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) passwords"

Again, since it's just me, this is do-able. But I'm looking for something
practical as well.
I'm getting the feeling that people don't have an MFA implementation.

"if the users are sufficiently disciplined"

As a Sysadmin, I can tell you they genuinely are not and they likely never
will be.
Hope for the best, plan for the worst.

I also want to clarify that I'm not rejecting any of these suggestions,
they're all good.

On Sat, Nov 13, 2021 at 4:42 PM Ralph Seichter <ralph at ml.seichter.de> wrote:

> * Tyler Montney:
>
> > Since this is getting increasingly complicated, I wanted to ask before
> > going further. What do you all do? Any recommendations?
>
> Use strong (as in long and/or randomised and impossible to break using
> rainbow table attacks) passwords which are used only once (!) and kept
> either in the user's brain or in an encrypted password store. Ensure
> that authentication data can only be transmitted over encrypted
> connections.
>
> These measures cover a lot of ground, if the users are sufficiently
> disciplined. Users are usually the weakest link.
>
> -Ralph
>