![]() I noted there that Arc had become the default dashboard for much of what I do, so much so that I had moved my email to my secondary screen. Most recently, I went in-depth on the beta Web browser Arc because, well, the title of my article says it all: “ Arc Will Change the Way You Work on the Web” (). I regularly use beta software but seldom write about it in TidBITS unless it is sufficiently stable, feature-complete, and interesting. #1681: Take Control Books 20th anniversary, USB-C Apple Pencil, Kini motion detector monitors access, topical social spaces.#1682: Apple’s “Scary Fast” announcement, X.1 updates to 2023 OS versions, Microsoft Word’s 40th anniversary, 5G wireless Internet.#1683: New M3 chips in updated MacBook Pros and iMac, record Apple Q4 profits on lower revenues, no more 27-inch iMacs.#1684: OS bug fix releases, Finder tag poll results, Messages identity verification, blocking spambots, which Apple services do you use?.#1685: Hidden secrets of the Fn key, Emergency SOS via satellite free access extended, RCS support in Messages, Rogue Amoeba icon evolution.So either way, you end up have some sort of special token that can bypass all authentication. This token bypasses all 2FA and passwords, just like the app password does. When you login to a site and hit "Remember me", the site saves an OAuth refresh token in your browser. This has less to do with the password length and more to do with Google heavily limiting the attacker's guess rate.Īlso as mentioned before, app passwords skip 2FA because they are equivalent to an OAuth refresh token. This is because the time it will take to brute force both of them is infinity. ![]() The app passwords do not allow you to sign in? I literally just tried it? It just says: "Try again with your Google account password".Īlso, although the app passwords may be technically weaker than your normal password, for practical purposes, they are the same length. Log out of Google, clear your browser cache and cookies, and now log in using your "app password." Surprise! That app password is sh-t compared to my normal password, skips the 2-step verification, and unfortunately can be used to sign in. Instead, Google will ask me to use an "app password" that I can generate (6-8 characters long). Thunderbird does not support this (submitting that code). When using 2-step verification in my browser I submit my 1,000 character password and then submit the temporary generated security code. The client downloads attachments with emails (do not want). I cannot hide my location or IP when I open the email or send an email, revealing myself (do not want to). When it downloads the 5+ GB worth of email onto my computer and if I delete them to save space when it syncs it deletes them from the cloud (do not want). Those emails I download are no longer in the cloud (do not want, want them to remain in the cloud). Those emails take up space on my hard drive (do not want). Thunderbird downloads (retrieves) my e-mail onto my computer (do not want). I do know how Thunderbird works (unless it has changed). Thunderbird is about equivalent security with webmail depending on whether or not you have "save password" enabled in Protonmail. 6) I do not want all the privacy and security concerns that come with using any mail client.In fact, I believe it is the default for Gmail at least. You can login using OAuth on Thunderbird. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |