Google is nuking simple username/password sign ins?
Linux for blind general discussion
blinux-list at redhat.com
Fri Mar 4 13:33:44 UTC 2022
I haven't gotten such an e-mail, but any idea what this means for
> people using the Gmail web interface?
Most if not all Google services will now require that you confirm that
it is you signing into your account. They are making two-factor
authentication mandatory, and requiring app passwords for things like
IMAP. This means that you will likely need a phone or tablet the first
time you sign in on a new device, something that will get a notification
from Google that you can tap to confirm it's you. They can also send you
a text message with a code, which you could verify on the web if you
have a phone service that works that way. I find that Google Voice
itself will actually work for this, but it only allows registration in
the States. But you can get the code on a regular mobile and type it
into the website if you don't have any way to get the notification. I
find the app password idea to be highly insecure, and I refuse to use
it. Essentially they want to generate a password for every app you use
and store it for you. If you lose access to the app at any time, you
have to get that password back, or possibly have Google generate a new
one for you. But worse than that, if someone gains access to your Google
account or hacks their servers, they get your app passwords as well, or
can trick Google into generating new passwords for your apps. This
doesn't have any impact on the Gmail web interface, but would certainly
cause you to lose access to your IMAP email if you don't trust Google to
keep the passwords they generate for you safe.
~Kyle
More information about the Blinux-list
mailing list