Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. external email programs bypass two-factor authentication

external email programs bypass two-factor authentication

Scheduled Pinned Locked Moved Solved Support
mail
3 Posts 3 Posters 530 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U Offline
      U Offline
      userino
      wrote on last edited by girish
      #1

      Hi, I noticed that I can log in to an email program with a simple password, even though I have two-factor authentication enabled everywhere (i.e. in Cloudron itself and in SnappyMail).
      Is this a bug that you can log in just like that? After all, there are also app passwords....

      girishG 1 Reply Last reply
      1
      • C Offline
        C Offline
        ccfu
        wrote on last edited by
        #2

        When you send and receive email with an email client you are logging in to the mailserver and there is no 2FA for IMAP or SMTP.

        1 Reply Last reply
        4
        • U userino

          Hi, I noticed that I can log in to an email program with a simple password, even though I have two-factor authentication enabled everywhere (i.e. in Cloudron itself and in SnappyMail).
          Is this a bug that you can log in just like that? After all, there are also app passwords....

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #3

          @userino yeah, it's that way because IMAP/SMTP have no concept of sessions. This means that you might have to repeatedly enter 2FA token which would in turn make using mails clients quite unusable.

          I recommend generating an app password for Email (what I use personally) and using that as a "throwaway" password. It will work only for Email an won't let you login to other apps.

          1 Reply Last reply
          2
          • girishG girish marked this topic as a question on
          • girishG girish has marked this topic as solved on
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search