Again: "Somebody knows your password" (Google)

Karl Auer kauer at biplane.com.au
Sat Oct 14 01:44:04 UTC 2017


On Sat, 2017-10-14 at 00:46 +0200, Volker Wysk wrote:
> On Saturday, 14 October 2017, 00:34:30 CEST, Karl Auer wrote:
> > Turn on multifactor authentication. It's really easy and makes a
> > breach much, much less likely. Even if they know your password they
> > cannot get in.
> So, I'd turn on two-factor authentication, and turn it off for my
> computer again? I'm retrieving my mail via fetchmail every few
> minutes. A second factor isn't feasible. For my smartphone, it's
> similar.

Google allows you to set up additional passwords for specific
applications. As this is a machine fetch, the password can be
arbitrarily complicated, so go wild! As long as the sessions are SSL
protected. I haven't done this except for my phone, so let us know if
it works for you. It is definitely doable for your phone.

However, if your fetch process can handle 2FA, it's quite easy to
script. Store the TOTP in a text file somewhere eg key.txt with
suitable permissions, install oathtool, and get the current code in
your scripts with:

   oathtool --totp -b "$(cat key.txt)"

Since you have the password stored somewhere already for fetchmail, I
guess this is no less secure, but it absolutely prevents a password
hack. Guessing or brute-forcing a TOTP secret is effectively
impossible.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
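The oathtool line in the post computes a standard RFC 6238 TOTP code from a base32 secret. The following is an added example, not part of Karl Auer's message or of the oathtool project, showing the same computation in Python together with the "suitable permissions" check on the key file, so a script can refuse a secret that is readable by other users. The base32 secret is the RFC 6238 reference secret (a constructed sample, not a real account key), and the file paths and function names are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import os
import stat
import struct
import tempfile
import time

# Constructed sample: the RFC 6238 reference secret "12345678901234567890",
# base32-encoded, which is the format `oathtool --totp -b` reads from key.txt.
SAMPLE_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if at_time is None:
        at_time = time.time()
    # Accept lowercase or unpadded base32, as oathtool does, before decoding.
    s = secret_b32.strip().upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    return hotp(key, int(at_time) // step, digits)


def read_secret_file(path: str) -> str:
    """Load the base32 secret, refusing a file that group or others can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {mode:04o}; expected 0600 or stricter")
    with open(path) as f:
        return f.read().strip()


def current_code_from_file(path: str, at_time=None) -> str:
    """What the shell one-liner does: read key.txt and print the live code."""
    return totp(read_secret_file(path), at_time=at_time)


def write_secret_file(path: str, secret_b32: str, mode: int = 0o600) -> None:
    """Create the key file with an explicit mode (chmod again in case umask narrowed it)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        f.write(secret_b32 + "\n")
    os.chmod(path, mode)


def selfcheck_key_file() -> bool:
    """Round trip: a 0600 key file yields the live code; a 0644 file is refused."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "key.txt")  # hypothetical path, as in the post
        write_secret_file(good, SAMPLE_KEY_B32, 0o600)
        now = int(time.time())
        if current_code_from_file(good, at_time=now) != totp(SAMPLE_KEY_B32, at_time=now):
            return False
        bad = os.path.join(d, "world-readable.txt")
        write_secret_file(bad, SAMPLE_KEY_B32, 0o644)
        try:
            current_code_from_file(bad)
        except PermissionError:
            return True
        return False


if __name__ == "__main__":
    # Prints the current 6-digit code for the sample secret, like the oathtool line.
    print(totp(SAMPLE_KEY_B32))
```

The permission check tests the mode bits rather than attempting a read, so it also catches a key file that happens to be readable only because the script runs as root. The fetch script would call current_code_from_file("key.txt") and append the result to the password where the mail provider expects the second factor.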





