[MlMt] Follow Up to Email Concerns

Harvey Leff hsleff at gmail.com
Thu Jun 24 20:35:55 EDT 2021

I had written earlier that my email provider (the university from which 
I retired) stopped using IMAP, which would rule out use of MailMate. 
They also stopped having a "Forward all mail" option so I cannot move my 
mail to an IMAP-enabled site. I've complained, and the response is 
below. I switched (with great difficulty) to gmail, which of course uses 
IMAP and allows me to continue my love affair with MailMate.

It seems that a prime alleged reason for their change is that IMAP does 
not support 2-Factor authentication. Do any of you experts have 
knowledge whether that claim is true and really limits security?

They are now implementing 2FA using a seemingly complicated system 
called Duo. Anybody know about that type of 2FA?

The university's reply is below if you are interested and willing to 
read the claims. What I **DO** know is that the university replaced its 
standard IMAP/SMTP server with Microsoft's proprietary ActiveSync.

Beware, this might be an indicator of the futureā€¦ Yikes!

Harvey Leff
Portland, Oregon USA
~ ~ ~

> Higher education institutions are a top target for cyber criminals who 
> are attracted to our thousands of identities (faculty staff, student 
> and emeritus), as well as research data.  Stolen or compromised 
> account credentials are a contributing factor to phishing scams, as 
> well as malicious data, system breaches, and identity theft.  The 
> campus continues to improve security to address cyber risks, including 
> securing our Bronco accounts and their credentials.
> We have taken steps to improve the security of our accounts, which 
> includes disabling insecure settings, and adding 2-Step 
> Authentication.  These actions are required due to updates planned by 
> Microsoft in late 2021.
>   *   As you are aware, on February 1, 2021,  CPP disabled Office 365 
> email settings for IMAP, SMTP, and POP per security recommendations.  
> POP and IMAP are considered less secure due to their lack of 
> authentication security, including lack of support for 2-Step 
> Authentication.  Applications using more secure authentication methods 
> are now required to improve email security and reduce the risk of 
> compromised accounts.  Suggested email applications include Office 365 
> web 
> application<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fcpp.edu&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307343341%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hCIY61Zl6Hooe0a4K4b8cCaeWG7IDTRtnK7yD3w3Fc0%3D&reserved=0> 
> , Outlook desktop 
> application<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Foffice%2Fadd-an-email-account-to-outlook-6e27792a-9267-4aa4-8bb6-c84ef146101b&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=sTa47jp5e837m9rLalOe3B0TJsM6ArUeBiouePrjGH8%3D&reserved=0> 
> , the Outlook mobile 
> application<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Foutlook-mobile-for-android-and-ios&data=04%7C01%7Ccarolhg%40cpp.edu%7Ccbf969a3939444a7b1f408d937650641%7C164ba61e39ec4f5d89ffaa1f00a521b4%7C0%7C0%7C637601729307353339%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6lbi2wm5hZupWA0QFtkEyPbbKScZGH09CptCNO6JPWE%3D&reserved=0> 
> (for IOS or Android), or Mac Mail.
>   *   The campus has implemented 2-Step Authentication as an 
> additional layer of security for our Bronco Accounts . Emeritus are 
> required to enroll in 2-Step Authentication by July 6, 2021 to avoid 
> any access interruption.  After July 6, 2-Step Authentication will be 
> required for emeritus to access campus services, including email. 
> 2-Step enrollment information has been provided to emeritus who have 
> not yet enrolled and is also on our website:  
> https://www.cpp.edu/it/2step/.  Three (3) options are available for 
> 2-Step Authentication:  a smartphone app, a call back number or 
> request a hardware 
> token<https://cpp.service-now.com/ehelp?id=sc_cat_item&sys_id=2633842edb1e6c10f0eed2e3ca961956> 
> .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210624/d881aeb4/attachment.htm>

More information about the mailmate mailing list