App Passwords and Email Passwords Are Weak
Let me build a logical case here.
1. First, I appreciate that Mailbox has implemented App and Email Passwords for greater login tracking, compartmentalization, and protection of a customer's main account password.
2. However, customers have no control over choosing strong, unique, and not easily crackable passwords for either Apps or Email clients.
3. Instead, customers are assigned short, uncomplicated, and formulaic passwords that anyone with a free account can see the basic layout for (user name is ___@___, passwords are small without complex characters and I'll leave it there for obvious reasons).
4. To make matters worse, there is no 2FA protection for these perplexingly short and basic App and Email passwords.
5. Anyone from beginner hackers to state actors now has powerful software and artificial intelligence at their disposal, which lets the computer easily do all the guesswork and quickly break weak passwords or guess predictable usernames.
6. The obvious solution is to either 1) massively expand the default assigned length and complexity of the passwords generated by Mailbox for users, or 2) allow users to do that themselves.
7. Right now, weirdly, using your main uber strong account password is more secure than using a bunch of weak app passwords. I don't think we should need to settle for a compromise between security and convenience when a solution for both could be so easily attained with some basic upgrades.
8. Finally, while most people don't consider things like this, and it admittedly falls in the higher threat models, in Settings > Privacy > Personal Data Access, everyone's App Password username is right there for Big Brother or his friends to demand or steal at will. What's the big deal? Your email address is there too, right? Well, once someone has your UID (App Password username), one way or another, guessing every password associated with it and gaining access to all your data is easy because these passwords are so inherently weak.
My post script is as follows: If I'm correct about any or all of this, it may be 100% on Open-Xchange, as they are the software developer and Mailbox collaborates with them as a provider. I really appreciate the service Mailbox offers (see my previous post for why) and hope this can be taken as a constructive critique. And...if I'm wrong about any or all of this, I'm happy to learn why. 🙂
Additionally, I would like to be able to set up a separate password for an email app. Since an app may be compromised at any time, a separate (from the administrative account) password is the right approach to increase privacy and security.
I do not feel comfortable using my main password which covers my personal and payment data along with all mail and the file storage outside my specially designed private and secure environment.