Welcome to the mailbox.org user forum!
 

Request - 2FA on all protocols

4217883 shared this idea 4 months ago
Proposed

Hi,


I'm a big fan of Mailbox.org and a security nerd.

I know you probably get a lot of questions around 2FA, sorry to bother with another one.


It makes me nervous that 2FA is only on HTTPS and not on the other protocols like IMAP. It seems if someone got my password, 2FA wouldn't really do anything in this case. Assuming the attacker was smart enough to try my password against all protocols 2FA wouldn't stop them.


Is it possible to add it to the road map to add 2FA protection to all email protocols?


Thanks,

Jon

Comments (2)

photo
1

There is no way to implement this. There isn’t a standard way for clients to prompt for a second factor. What other providers do is to issues clients app-specific passwords . This is basically a dedicated password per client that gives them access over one specific protocol so the main password and access to the 2FA-protected webmail and account settings.

photo
1

Agree with the answer from "DA".