|
The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption. |
|
16 Mar 2024, 10:46 PM | #1 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,840
|
What security level for your email?
I'm curious what security level you use on your email accounts? I do not use desktop apps, though I do use an email app on my Android phone. For my main account I use the typical username and password (long and unique), plus I have 2-factor authentication via a physical security key. For Gmail I could be using Passkeys instead, but not 100% sure I want to go there yet. I'm wary of using IMAP and POP on accounts since they seem to be possible security problems. Still, despite any security I use at my end, it all comes down to how well the company is implementing security at their end. For example, what type of password recovery or account recovery security do they use? Do they store your passwords securely? Or, maybe the better philosophy is just to delete your emails fairly often so there is little there worth finding, though once they have control of an email address they might be able to access other accounts like banks and investments.
|
17 Mar 2024, 02:18 AM | #2 |
Cornerstone of the Community
Join Date: Dec 2017
Location: Scotland
Posts: 508
|
What do you mean by
"I'm wary of using IMAP and POP on accounts since they seem to be possible security problems." How else can you access mail on a server? (Maybe you mean you log in to some webmail system ... but surely it then has to access the server by POP (unlikely) or IMAP (or its successor)?) |
17 Mar 2024, 05:37 AM | #3 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,840
|
Quote:
|
|
17 Mar 2024, 07:18 AM | #4 |
Cornerstone of the Community
Join Date: Dec 2017
Location: Scotland
Posts: 508
|
So ... IIUC you're saying that an https: connection to a webmail session (which internally uses IMAP to talk to the backend servers) is "secure" but an external client talking directly to the server over a secured (TLS or whatever) connection isn't?
Why do you think that? What /specifically/ are the "possible security problems"? |
17 Mar 2024, 04:17 PM | #5 | |
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,962
|
Quote:
|
|
17 Mar 2024, 08:07 PM | #6 |
Member
Join Date: Jul 2014
Posts: 77
|
Thunderbird supports OAuth2. Both Gmail and Fastmail use that when you connect to your account using Thunderbird. Presumably that authentication is just as secure as logging into the web site.
Still, it looks like you may be making a somewhat different point. I take it that you disable POP and IMAP access in your Gmail settings to reduce the number of attack surfaces exposed by your account. So, if I understand correctly, the question is, just how secure can one make one's account? That's a question I think about myself. With respect to a Gmail account, I can't think of anything you are not already doing (apart from making the move to Passkeys, as you noted). To your last point, Troy Hunt (Have I Been Pwned) once characterized email addresses as the skeleton key to one's life. If somebody gets access to your email account, they get everything: your bank account, your health records, etc. So, you obviously want to be very careful about where your email account is hosted. Setting aside the privacy concerns associated with Google, Gmail may be about as secure as you can get. |
17 Mar 2024, 08:53 PM | #7 | |||
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,840
|
Quote:
Even OAuth has its vulnerabilities. Quote:
Quote:
|
|||
19 Mar 2024, 02:22 AM | #8 |
Cornerstone of the Community
Join Date: Dec 2017
Location: Scotland
Posts: 508
|
OK, I understand better now.
When you say "an email app" on your phone ... that strikes me (depending on where it came from) as maybe a potential security hole. I think I'd trust a generic webmail system running on a mail provider's servers & a stable browser more. There's also a risk if you lose the phone especially if it was unlocked at the time. |
19 Mar 2024, 02:56 AM | #9 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,962
|
|
19 Mar 2024, 03:25 AM | #10 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,840
|
Quote:
|
|
24 Sep 2024, 06:26 AM | #11 |
Master of the @
Join Date: Sep 2004
Posts: 1,698
|
More the better
I sync my email between devices. I am using an extremely good deal for exchange email. I've got SPF, DKIM enabled so it's basically as secure as it can be.
I just feel that I should be able to keep my email as secure as I can. I'd rather keep spam out and important email in. |
24 Sep 2024, 09:42 PM | #12 | |
Cornerstone of the Community
Join Date: Dec 2017
Location: Scotland
Posts: 508
|
Quote:
They don't in any way prevent anyone else getting access to your email account, either to read emails you've received, or to send things in your name. |
|