<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div><div class="plaintext"><p dir="auto">Duo has (at least) two modes of operation. One is a standard
<br />
time-based one-time password: the site supplies you with a key
<br />
(often via a QR code), and your phone calculus F(key, time).
<br />
The other is a bit more complex: when you try to log in, the
<br />
site sends a push message to your phone; you unlock your
<br />
phone and tap "OK". That latter *could* be transparent to
<br />
IMAP, but you'd have to go through that dance every time
<br />
you Mac logged in, as opposed to keeping the IMAP connection
<br />
open.
</p>
<p dir="auto">Apple has the notion of "device passwords": you log in with
<br />
2FA to Apple, and it sends you a random password you paste
<br />
into your mailer—or mailers.
</p>
<p dir="auto">On 24 Jun 2021, at 20:35, Harvey Leff wrote:
</p>
<blockquote><p dir="auto">I had written earlier that my email provider (the university from which I retired) stopped using IMAP, which would rule out use of MailMate. They also stopped having a "Forward all mail" option so I cannot move my mail to an IMAP-enabled site. I've complained, and the response is below. I switched (with great difficulty) to gmail, which of course uses IMAP and allows me to continue my love affair with MailMate.
<br />
It seems that a prime alleged reason for their change is that IMAP does not support 2-Factor authentication. Do any of you experts have knowledge whether that claim is true and really limits security?
<br />
They are now implementing 2FA using a seemingly complicated system called Duo. Anybody know about that type of 2FA?
<br />
The university's reply is below if you are interested and willing to read the claims. What I **DO** know is that the university replaced its standard IMAP/SMTP server with Microsoft's proprietary ActiveSync.
<br />
Beware, this might be an indicator of the future… Yikes!
<br />
Harvey Leff
<br />
Portland, Oregon USA
<br />
~ ~ ~
</p>
<blockquote><p dir="auto">Higher education institutions are a top target for cyber criminals who are attracted to our thousands of identities (faculty staff, student and emeritus), as well as research data. Stolen or compromised account credentials are a contributing factor to phishing scams, as well as malicious data, system breaches, and identity theft. The campus continues to improve security to address cyber risks, including securing our Bronco accounts and their credentials.
<br />
We have taken steps to improve the security of our accounts, which includes disabling insecure settings, and adding 2-Step Authentication. These actions are required due to updates planned by Microsoft in late 2021.
<br />
* As you are aware, on February 1, 2021, CPP disabled Office 365 email settings for IMAP, SMTP, and POP per security recommendations. POP and IMAP are considered less secure due to their lack of authentication security, including lack of support for 2-Step Authentication. Applications using more secure authentication methods are now required to improve email security and reduce the risk of compromised accounts. Suggested email applications include Office 365 web application<<a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fcpp.edu&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307343341%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hCIY61Zl6Hooe0a4K4b8cCaeWG7IDTRtnK7yD3w3Fc0%3D&reserved=0">https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fcpp.edu&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307343341%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hCIY61Zl6Hooe0a4K4b8cCaeWG7IDTRtnK7yD3w3Fc0%3D&reserved=0</a>> , Outlook desktop application<<a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fadd-an-email-account-to-outlook-6e27792a-9267-4aa4-8bb6-c84ef146101b&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=sTa47jp5e837m9rLalOe3B0TJsM6ArUeBiouePrjGH8%3D&reserved=0">https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fadd-an-email-account-to-outlook-6e27792a-9267-4aa4-8bb6-c84ef146101b&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=sTa47jp5e837m9rLalOe3B0TJsM6ArUeBiouePrjGH8%3D&reserved=0</a>> , the Outlook mobile application<<a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Foutlook-mobile-for-android-and-ios&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6lbi2wm5hZupWA0QFtkEyPbbKScZGH09CptCNO6JPWE%3D&reserved=0">https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Foutlook-mobile-for-android-and-ios&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6lbi2wm5hZupWA0QFtkEyPbbKScZGH09CptCNO6JPWE%3D&reserved=0</a>> (for IOS or Android), or Mac Mail.
<br />
* The campus has implemented 2-Step Authentication as an additional layer of security for our Bronco Accounts . Emeritus are required to enroll in 2-Step Authentication by July 6, 2021 to avoid any access interruption. After July 6, 2-Step Authentication will be required for emeritus to access campus services, including email. 2-Step enrollment information has been provided to emeritus who have not yet enrolled and is also on our website: <a href="https://www.cpp.edu/it/2step/">https://www.cpp.edu/it/2step/</a>. Three (3) options are available for 2-Step Authentication: a smartphone app, a call back number or request a hardware token<<a href="https://cpp.service-now.com/ehelp?id=sc_cat_item&sys_id=2633842edb1e6c10f0eed2e3ca961956">https://cpp.service-now.com/ehelp?id=sc_cat_item&sys_id=2633842edb1e6c10f0eed2e3ca961956</a>> .
</p>
</blockquote><p dir="auto">_______________________________________________
<br />
mailmate mailing list
<br />
mailmate@lists.freron.com
<br />
<a href="https://lists.freron.com/listinfo/mailmate">https://lists.freron.com/listinfo/mailmate</a>
</p>
</blockquote><br /><p dir="auto"> —Steve Bellovin, <a href="https://www.cs.columbia.edu/~smb">https://www.cs.columbia.edu/~smb</a>
</p>
</div>
</div>
</body>
</html>