Welcome to the mailbox.org user forum!
 

Device/App specific password

5512212 shared this idea 22 months ago
Proposed

It would be great to have an device/app specific password; otherwise one has to choose between security (using solely 2fa in the browser) and practicality (using email clients on laptop and phone).

Comments (11)

photo
1

Deactivate 2FA. Connect via an email client to your mailbox account and then reactivate 2FA (working on Evolution email).

photo
1

Yeah, that trick doesn't work for me with K-9 mail IMAP, and it shouldn't work.

photo
photo
1

Deactivate 2FA. Connect via an email client to your mailbox account and then reactivate 2FA (working on Evolution as far as I can see).

photo
1

I agree with this proposal. I actually had already submitted this idea recently.

photo
1

If you go on Settings --> One Time Passwords there's an option with a drop-down menu called "OTP security level".

You can choose to use OTP for web access and regular password for email clients and other things that don't support OTP.


It will be good to have app-specific passwords, but this method is pretty secure IMHO.

photo
1

I second this issue. It should be possible to set different passwords for each protocol : https, imaps, smtps, etc ...

photo
2

I would love to have this feature :) I recently migrated from google and was sad to see that mailbox did not offer app passwords.

photo
1

The same issue is also discussed as part of the 2FA Forum thread. Maybe this can be merged into one proposition.

photo
3

I agree that app specific passwords would be an very useful feature.

In case a passwords gets leaked (for example through some bug in a mail client, mail fetcher, keychain app...), the concerned password can simply be deactivated and other apps/devices remain unconcerned.

This also would remove the hassle of updating the passwords on different devices each time the main password is modified.

photo
2

As mailbox.org don't have their own apps we should have the abillity to login to third party apps with a password different from the main password.

It would also be awesome to let the app only acces some of the account with that password e.g. only contacts.

When a third party service get both email and password it is not very good. Even if you have encrypted emails they can change your password and lock you out from your own account.

photo
1

Hi.


I'm with you and also would like to have app-specific passwords.

But as far as I understood it's not that easy to implement due to security reasons.

mailbox.org connects via LDAP bind and there you can only define "one" passwords. They don't connect via proxies or via SQL-Databases (security reasons).

If you can define/have several passwords within one user-account for LDAP bind it would be possible.

photo