[Users] Gmail 'less secure app access'

lmfrm lmfrm at nanogroup.xyz
Thu Mar 10 03:52:09 CET 2022 

Ditch Google and gmail, they are only going to get worse and railroad
their userbase into less secure and inconvenient experiences.

There are other better and FAR more secure options out there. ProtonMail is
better than Gmail but I don't recommend them because they're also
breaking security in many ways. They are free, however.

Not just my opinion: passwords and authentication are overrated and
obsolete as hackers become more of a problem. If someone is trying to
attack you all the passes and auth won't save you. In fact, oauth can
hurt you if you use it on a really insecure device like a smart phone
which can be easily compromised in under half an hour, and if they are
at that level they might also target other devices, especially if
they're being connected physically or linked by IP. Smart phones are
impossible to have reasonable security with unless you're a super geek
and spend your spare time maintaining open source devices like
Pinephone.

Plus, if you lose your or drop and break phone you'll be locked out of
your account and have to reset oauth, assuming the service you're using
allows you to. The oauth security model assumes you having control of
two separate devices will help guarantee that only you control your
accounts. Well, I haven't looked at emperical statistical data on this
matter but it seems to me you have a higher probability of losing or
dropping and breaking your smart phone than someone trying to break
into your account.

I personally think it's better to just use one device for auth/login,
which eliminates dependency on (and costs of) smart phones, which
themselves are a major security hazard, not only to your account, but
you personally. So long as you have a way to contact your service to
let them know if your account got compromised and have a way to prove
your identity, and you keep offline backups of any data stored on that
account, then I think that's reasonable security for the average
person. Just owning and using a smart phone breaks security
massively and isn't worth it.

FWIW, here's my list of e-mail providers you might look into. I ditched
Google long ago and have found solutions for everything. I don't need
them except for internet searches sometimes. (Brave search works okay
much of the time!) Google's goal is to hook as many people as possible
and exploit them. It's important to boycott such monopolies and flock to
alternatives, if not to let Google die off, to save what little privacy
and security you have.

paid
----
https://mailbox.org
https://fastmail.com
https://countermail.com

free
----
https://anonbox.net/
https://mailfence.com/en/
https://vfemail.net/
https://protonmail.com/

On Wed, 9 Mar 2022 17:18:46 -0800
Geoffrey Leach <geoff at hughes.net> wrote:

> 
> 
> --- Start of PGP/Inline encrypted data ---
> I'm in the process of setting up POP3 access to my gmail account.
> Turns out that Google does not like the name/password authentication
> used by POP3, requiring the Gmail account to be configured to permit
> 'less secure app access'.
> 
> Well and good, except that that feature goes away on May 30.
> Thereafter two-factor login will be required.
> 
> Thoughts?
> _______________________________________________
> Users mailing list
> Users at lists.claws-mail.org
> https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users
> --- End of PGP/Inline encrypted data ---
> 
>

More information about the Users mailing list