View previous topic :: View next topic |
Author |
Message |
jhon987 Apprentice
Joined: 18 Nov 2013 Posts: 297
|
Posted: Mon Sep 18, 2017 2:06 pm Post subject: Postfix Authentication Method: is 'normal password' secure? |
|
|
A few months ago I finished building a new mail server, following Gentoo's virtual mail server guide (https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server).
Now, I noticed that recent Gmail accounts are using authentication method called OAUTH2 whereas my mail server uses 'normal password'.
According to Wikipedia: "OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords."
So it seems unnecessary for the simple needs I currently have which are receiving and sending mail via imap.
Nevertheless, I still wonder whether 'normal password' is the secure way to go, or is it that the guide is simply a bit outdated and maybe I should switch to a different method?
Edit: I connect via SSL/TLS of course |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Mon Sep 18, 2017 5:41 pm Post subject: |
|
|
OAuth2 only exists because website security in general is a trash fire. (Sufficiently complex) passwords over TLS are fine. |
|
Back to top |
|
|
jhon987 Apprentice
Joined: 18 Nov 2013 Posts: 297
|
Posted: Tue Sep 19, 2017 7:31 am Post subject: |
|
|
OK Thanks Ant |
|
Back to top |
|
|
chiefbag Guru
Joined: 01 Oct 2010 Posts: 542 Location: The Kingdom
|
Posted: Tue Sep 19, 2017 9:10 am Post subject: |
|
|
On a side note if you use 2 step authentication on your GMail account you can generate separate "App Passwords" to allow the likes of Postfix access your GMail account. |
|
Back to top |
|
|
|