[Users] Migrating account authentication from basic POP to OAuth2

Paul paul at claws-mail.org
Wed Dec 21 10:41:28 UTC 2022


On Mon, 19 Dec 2022 18:15:32 +0100
Paul Rolland <rol at witbe.net> wrote: 

> No, I mean "basic authentication with POP3", the "legacy one" that was
> defined in POP3 RFC (User xxx, Pass yyy).

OK. But, of course, you've been using TLS to secure your log-in up to now.

There seemed to be a subtext to your original, as if you were somehow
improving your security by switching to oauth2, when using a username and
password with TLS is no less secure than oauth2.

There always seems to be this subtext, that somehow oauth2 is more secure,
being stressed, and not enough refuting of it. If you use "12345" or similar
weak passwords, and you reuse those passwords across all your log-ins then,
yes, oauth2 can help. But no-one in their right mind would do that. In my
view, it is always better to educate than secure people in their ignorance.

with regards

Paul

