Re: Google Dropping "Less Secure Apps" for GMail May 30th 2022 -- MIDRANGE-L

On Fri, Mar 4, 2022 at 4:13 PM James H. H. Lampert via MIDRANGE-L
<midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

On 3/4/22 11:59 AM, John Yeung wrote:

Forcing use of a crypto key ensures that some "reasonable"
threshold of security is achieved.

Except that *anybody* who can gain access to a client box with the
crypto key for the server can not only gain access to the server, but
copy the crypto key elsewhere.

Well, I doubt there is anything the server can do to secure a client
against unwanted third-party access of that client. On that front,
keys might not be more secure than passwords. But on balance, given
the various attack vectors and the realities of the humans involved,
keys are generally much better than passwords.

It never ceases to amaze me that every time I enter the password to
mount a volume stored as a protected DMG on my work Mac, it asks me if I
want to save the password. What would be the point of
password-protecting a volume if it opened without manually entering the
password?

I am with you when it comes to most cases of "helpfully" offering to
save passwords. If I care about what I'm password protecting, I want
the password to be required every damn time it is accessed.

John Y.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.