why gmail claims balsa (and other email clients) are "less secure"
- From: Jack <ostroffjh users sourceforge net>
- To: balsa-list gnome org
- Subject: why gmail claims balsa (and other email clients) are "less secure"
- Date: Tue, 26 Jul 2016 16:45:44 -0400
I'm starting a new thread for this, since all the other attempts to
track down TLSv1.2 are essentially irrelevant to this discussion.
While Google does list a few specific email clients, I believe this
label applies to almost all PC/iOS/android email clients.
I finally did enough googling to discover that Google applies the "less
secure" label to any email client that does not use OAuth 2.0. (You
can apparently get around this by setting up two factor authentication,
but I have not yet looked into the details to see exactly how Google
does this.) It seems Google is completely ignoring the use of an
encrypted channel, and is just complaining about the "third part app"
(balsa in this case) having your Google password.
It's not completely clear to me how much effort it would be for balsa
to incorporate OAuth 2.0, but given the discussions I've seen, it seems
it really is simple and not truly a security issue to just tick the
"allow less secure apps" in the gmail config.
Most of the discussions I've found on this end up taking a very cynical
view of Google's reasoning behind this, and I tend to agree.
Jack
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]