Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I take it if someone really still want to fetch all his emails the old way, he could configure GMail to forward every single email to another address (not a GMail one): one still allowing IMAP/POP. Not a panacea but it may be an acceptable workaround for some usecases.


You can still use app-specific passwords, so your 1992 mail client will still work... Although sending even an app-specific password in cleartext over the internet seems like a bad plan.


But why are those more secure than other passwords? How can they know that this 1992 app is the app it claims to be?


Because for the user account, people use things like "hunter2". But app specific passwords are long random strings unlikely to be reused by the user for another site.


My Gmail password is also long and not reused anywhere. My impression was that it's the app itself that Google doesn't trust, in which case, why trust it with that app-specific password? Can the app-specific password still get leaked and reused if the app is compromised?


Sure but Google doesn't know that, and app passwords are a way to functionally ensure no password reuse.


What do you mean by things like "*******"? Seven asterisks?


I use Thunderbird which already had a release this year. It's been using encryption since forever.

Luckily I don't use GMail for my mail.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: