Using Google's "two factor authentication"

Marc MERLIN marc at merlins.org
Sat Apr 7 22:19:42 BST 2012


On Sat, Apr 07, 2012 at 04:14:40PM -0500, Paul Hinze wrote:
> Ђорђе Тодоровић-- <postmanmiler at gmail.com> on 2012-04-06 at 18:31:
> > BTW, what is the purpose of having a "two factor auth" if the attacker only
> > needs to get my offlineimap password.
> 
> You're right I think the implementation of "authorized application"
> passwords does increase your surface area for attack. The ideal would be

My understanding is that ASPs do not allow access to things like google
checkout for instance, so you're better off putting that in a config file
than your master password.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  




More information about the OfflineIMAP-project mailing list