Strategies for protecting IMAP (e.g. MFA)

Marc Marc at f1-outsourcing.eu
Sun Nov 14 10:19:18 UTC 2021


>30(?) years ago the majority of systems were using a user name to access mail. Then the 'I want to track everyone' companies made logging in with email the standard that everyone blindly followed. Now, decades later, the brute forcing of known passwords etc. is a problem, mostly because the login is publicly known, so we have to address this with the 2FA, preferably giving even more private information about the user, like phone number or high school name, pet name, etc.

And this is sort of funny because we had 'a simple' 2FA system where the user name and password were not publicly known (at least to me, because scans on my servers are 99%(?) email address login attempts).

> 
> why is this funny ?

