command line email clients and gmail.com

Janina Sajka janina at rednote.net
Tue Jun 12 13:28:20 EDT 2018


I don't think it's mutt that needs to use Google's dual authentication,
it's the user of Mutt.

I have had no issues using Google's dual authentication in several
years, since Linux Foundation first started requiring it some years ago.

In fact Google's dual authentication has become less onerous in recent
months. I've not been asked to reauthenticate in some time, across
several system reboots. If your IP address stays stable, I think you'll
find similar ease.

About 6 weeks ago I got a new Android phone. That prompted a validation
request, i.e. I'm confident authentication is still functioning.

I have used both Google's voice call second factor, as well as its SMS.
Assuming I'm home, I much prefer the former. From within Firefox, after
logging in with account ID and password, a Google bot calls my voice
phone and reads out a 6-digit code for me to enter in the web form. From
there a TAB to Submit followed by Enter, and I'm in.

Because I've also chosen to register a few of my smart phone devices, I
may get a popup toast message on a registered device asking whether it
was really me that just tried logging in on my account. I can simply
double-tap the "Yes, that was me" button, and I'm in. This is what I did
on my old phone when I first brought my new phone on Google. Needless to
say, the new phone is now also registered.

Now I don't use Google's SMTP as I have my own. However, I would expect
similar behavior, meaning that you're logged in and registered with the
device you intend to use for outbound mail. It'll store your IP address,
and whatever additional machine identifying info it tracks--that I don't
know. Beyond that it's looking for a TLS cert, but I believe any valid
TLS should do the job.

Personally, I wouldn't want them to simply accept outbound mail, without
some kind of authentication. That would only serve as a vector for spam
amplification.

hth

Janina

Justin Skists writes:
> > On 11 June 2018 at 01:14 Chuck Hallenbeck <chuckhallenbeck at gmail.com> wrote:
> 
> > Anybody else able to use gmail.com with that security feature
> > disabled, as google advises?  Suggestions appreciated.
> 
> Unless mutt and co. start using Google's OAuth and two-factor authentication (like some of the newer GUI clients), it may be impossible to continue to use gmail.com for SMTP and IMAP unless you keep the insecure security settings.
> 
> I used to use gmail.com as my kernel development address, but then I started migrating away from it after seeing this news article suggesting that gmail was becoming more-and-more a walled garden:
> 
> https://www.theregister.co.uk/2018/04/16/google_gmail_security/
> 
> 
> Justin.
> _______________________________________________
> Speakup mailing list
> Speakup at linux-speakup.org
> http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup

-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa


