[CLUE-Tech] Secure authentication POP/IMAP

William bkimball1 at yahoo.com
Fri Jun 4 10:57:01 MDT 2004 

Unfortunately, no.  POP/IMAP is *not* usually secure.  Secure connections and authentication
requires very specific support on both the server and the client.  Such secure configurations
represent a minority of the available software (and is certainly not the default configuration of
the main-stream solutions -- which most people tend to accept).  Additionally, setting up such a
secure environment takes time and instructing your entire user base to use the mechanism takes
even more -- amplified by the number of users you support.  Therefore, the cost/benefit ratio of
using such a system is usually NOT worthwhile to the system administrators.

You cannot make your e-mail secure by simply enabling the security features of your mail client
(Mozilla).  The server has to accept a secure connection and/or authentication for it to work. 
For the most part, you should get an error message when you attempt this on a system that does not
have these security mechanisms in place.

--- Angelo Bertolli <angelo at freeshell.org> wrote:
> 
> Is POP/IMAP authentication usually secure?  I guess when setting up my 
> email client in Mozilla, I notice that it has both "use secure 
> authentication" and "use secure connection" which I take to mean... that 
> even if I am use the pop3s daemon, my authentication might NOT be secure?
> 
> Actually this is an issue for me.  Ever since my Amazon.com account got
> broken into, I've been wanting a secure method of authentication for
> retrieving my email.  The real problem is that even though someone getting
> into your email is bad enough (e.g. they can ask Amazon.com to resend the
> password to your email), it's even worse when you have an account on a
> UNIX/Linux server where the password for email is the same as the password
> you use to login via shell (and don't even get me started on what might
> happen if one of these people is a sudoer).
> 
> Angelo
> 
> 
> 
> -- 
> The only possible interpretation of any research whatever in the
> `social sciences' is: some do, some don't.
>  		-- Ernest Rutherford
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech


=====
William Kimball, Jr.
"Programming is an art form that fights back!"  =)


	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/

More information about the clue-tech mailing list