[OT] fetchmail replacement supporting Oauth

José María Mateos chema at rinzewind.org
Tue May 3 05:07:07 UTC 2022


On Mon, May 2, 2022, at 23:25, lilydjwg wrote:
> Google doesn't disable app passwords (requires 2FA). Google is going to
> disable account passwords login at the end of this month.[1]
>
> I've switched to OAuth because I don't want to enable 2FA (which means
> if I lost all my devices, I would lose access to my Google account).

Your concern is valid, but I think there are ways around it, and using application passwords looks to me like a good security practice.

What I personally do is to store the 2FA tokens in Authy in the phone, but also keep a backup copy (that sometimes is the working copy, as I don't always have the phone in the same room with me) in a KeePassXC[1] vault that I sync in Dropbox and in a couple of other machines I have access to. As long as you have access to this password file, you have access to your TOTP tokens.

Cheers,

[1] https://keepassxc.org/

-- 
José María (Chema) Mateos || https://rinzewind.org


More information about the Mutt-users mailing list