What security level for your email?
I'm curious what security level you use on your email accounts? I do not use desktop apps, though I do use an email app on my Android phone. For my main account I use the typical username and password (long and unique), plus I have 2-factor authentication via a physical security key. For Gmail I could be using Passkeys instead, but not 100% sure I want to go there yet. I'm wary of using IMAP and POP on accounts since they seem to be possible security problems. Still, despite any security I use at my end, it all comes down to how well the company is implementing security at their end. For example, what type of password recovery or account recovery security do they use? Do they store your passwords securely? Or, maybe the better philosophy is just to delete your emails fairly often so there is little there worth finding, though once they have control of an email address they might be able to access other accounts like banks and investments.
What do you mean by
"I'm wary of using IMAP and POP on accounts since they seem to be possible security problems." How else can you access mail on a server? (Maybe you mean you log in to some webmail system ... but surely it then has to access the server by POP (unlikely) or IMAP (or its successor)?)
So ... IIUC you're saying that an https: connection to a webmail session (which internally uses IMAP to talk to the backend servers) is "secure" but an external client talking directly to the server over a secured (TLS or whatever) connection isn't?
Why do you think that? What /specifically/ are the "possible security problems"?
Thunderbird supports OAuth2. Both Gmail and Fastmail use that when you connect to your account using Thunderbird. Presumably that authentication is just as secure as logging into the web site.
Still, it looks like you may be making a somewhat different point. I take it that you disable POP and IMAP access in your Gmail settings to reduce the number of attack surfaces exposed by your account. So, if I understand correctly, the question is, just how secure can one make one's account? That's a question I think about myself. With respect to a Gmail account, I can't think of anything you are not already doing (apart from making the move to Passkeys, as you noted). To your last point, Troy Hunt (Have I Been Pwned) once characterized email addresses as the skeleton key to one's life. If somebody gets access to your email account, they get everything: your bank account, your health records, etc. So, you obviously want to be very careful about where your email account is hosted. Setting aside the privacy concerns associated with Google, Gmail may be about as secure as you can get.
Even OAuth has its vulnerabilities.
OK, I understand better now.
When you say "an email app" on your phone ... that strikes me (depending on where it came from) as maybe a potential security hole. I think I'd trust a generic webmail system running on a mail provider's servers & a stable browser more. There's also a risk if you lose the phone especially if it was unlocked at the time.
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved.