[Users] Can't login to my GMail IMAP acct

Slavko linux at slavino.sk
Fri Jun 10 17:37:42 CET 2022


Hi,

On Fri, 10 Jun 2022 18:36:16 +0200 Ralf Mardorf via Users
<users at lists.claws-mail.org> wrote:

> Insecure are demands, e.g. if a password must contain 10 chars, 1
> special char, at least one upper and one lower case letter and 2
> numbers, this results in passwords such as 12AaBbCcD! , easy to crack
> and so are the 4 or 5 digit pins of common auth apps.

AFAIK, the problem which OAuth solves is not weak passwords, but reused
(leaked) passwords. OAuth doesn't store permanent passwords on the
client side, thus no one stupid can reuse it...

> More obscure confusion never resulted in more security. Btw.
> responsible for Heartbleed was a German computer security Ph.D.
> candidate. Making an enterprise model out of computer security has
> less to do with expertise. Most of the time it's snake oil.

People make mistakes, I hope that we all know this. The problem is when
someone is doing something wrong, but establishes a feeling that it is
OK. Or when someone ignores that there are other ways to access their
services than a web browser (in this case).

Kerckhoffs's principle says that security by obscurity doesn't work,
or at least doesn't work for a long time. I cannot tell now whether
OAuth is secure or provides only a feeling of security; we will see
after some time. But my (long) army experience has taught me that any
weapon will sooner or later have an anti-weapon, either direct or
indirect...

Reading these never-ending Gmail problems, I am really happy that I
have no account (email hosted) there.

regards

-- 
Slavko
https://www.slavino.sk