[CLUE-Tech] Secure authentication POP/IMAP
William
bkimball1 at yahoo.com
Fri Jun 4 10:57:01 MDT 2004
Unfortunately, no. POP/IMAP is *not* usually secure. Secure connections and authentication
requires very specific support on both the server and the client. Such secure configurations
represent a minority of the available software (and is certainly not the default configuration of
the main-stream solutions -- which most people tend to accept). Additionally, setting up such a
secure environment takes time and instructing your entire user base to use the mechanism takes
even more -- amplified by the number of users you support. Therefore, the cost/benefit ratio of
using such a system is usually NOT worthwhile to the system administrators.
You cannot make your e-mail secure by simply enabling the security features of your mail client
(Mozilla). The server has to accept a secure connection and/or authentication for it to work.
For the most part, you should get an error message when you attempt this on a system that does not
have these security mechanisms in place.
--- Angelo Bertolli <angelo at freeshell.org> wrote:
>
> Is POP/IMAP authentication usually secure? I guess when setting up my
> email client in Mozilla, I notice that it has both "use secure
> authentication" and "use secure connection" which I take to mean... that
> even if I am use the pop3s daemon, my authentication might NOT be secure?
>
> Actually this is an issue for me. Ever since my Amazon.com account got
> broken into, I've been wanting a secure method of authentication for
> retrieving my email. The real problem is that even though someone getting
> into your email is bad enough (e.g. they can ask Amazon.com to resend the
> password to your email), it's even worse when you have an account on a
> UNIX/Linux server where the password for email is the same as the password
> you use to login via shell (and don't even get me started on what might
> happen if one of these people is a sudoer).
>
> Angelo
>
>
>
> --
> The only possible interpretation of any research whatever in the
> `social sciences' is: some do, some don't.
> -- Ernest Rutherford
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
=====
William Kimball, Jr.
"Programming is an art form that fights back!" =)
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
More information about the clue-tech
mailing list