Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. external email programs bypass two-factor authentication

external email programs bypass two-factor authentication

Scheduled Pinned Locked Moved Solved Support
mail
3 Posts 3 Posters 637 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • U Offline
    U Offline
    userino
    wrote on last edited by girish
    #1

    Hi, I noticed that I can log in to an email program with a simple password, even though I have two-factor authentication enabled everywhere (i.e. in Cloudron itself and in SnappyMail).
    Is this a bug that you can log in just like that? After all, there are also app passwords....

    girishG 1 Reply Last reply
    1
    • C Offline
      C Offline
      ccfu
      wrote on last edited by
      #2

      When you send and receive email with an email client you are logging in to the mailserver and there is no 2FA for IMAP or SMTP.

      1 Reply Last reply
      4
      • U userino

        Hi, I noticed that I can log in to an email program with a simple password, even though I have two-factor authentication enabled everywhere (i.e. in Cloudron itself and in SnappyMail).
        Is this a bug that you can log in just like that? After all, there are also app passwords....

        girishG Do not disturb
        girishG Do not disturb
        girish
        Staff
        wrote on last edited by
        #3

        @userino yeah, it's that way because IMAP/SMTP have no concept of sessions. This means that you might have to repeatedly enter 2FA token which would in turn make using mails clients quite unusable.

        I recommend generating an app password for Email (what I use personally) and using that as a "throwaway" password. It will work only for Email an won't let you login to other apps.

        1 Reply Last reply
        2
        • girishG girish marked this topic as a question on
        • girishG girish has marked this topic as solved on
        Reply
        • Reply as topic
        Log in to reply
        • Oldest to Newest
        • Newest to Oldest
        • Most Votes

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search