|
Thunderbird supports OAuth2. Both Gmail and Fastmail use that when you connect to your account using Thunderbird. Presumably that authentication is just as secure as logging into the web site.
Still, it looks like you may be making a somewhat different point. I take it that you disable POP and IMAP access in your Gmail settings to reduce the number of attack surfaces exposed by your account. So, if I understand correctly, the question is, just how secure can one make one's account? That's a question I think about myself. With respect to a Gmail account, I can't think of anything you are not already doing (apart from making the move to Passkeys, as you noted).
To your last point, Troy Hunt (Have I Been Pwned) once characterized email addresses as the skeleton key to one's life. If somebody gets access to your email account, they get everything: your bank account, your health records, etc. So, you obviously want to be very careful about where your email account is hosted. Setting aside the privacy concerns associated with Google, Gmail may be about as secure as you can get.
|