End user cannot get to password submissions screen.
Cause:
In order to switch to the new OAuth 2.0 method you are required to temporarily accept all cookies to complete the switch. You can disable accepting cookies after the swith to OAUTH 2.0.
Hi
A well thought out post thankyou. I dont hate 2factor but its hard to get away from it.
I prefer to sidestep the security in hance ment prompt and go on regardless this is at
the price off extra security.
Thank you. Sometimes the symtoms of these kinds of issues can be misleading. When I first hit the issue I was thinking perhaps my application access was de-authorized or maybe a Google service was down. I’m glad they are making a move on hardening services (which is really needed).
As for 2 factor authentication … I wish it was more consistent. Here in Canada I do think we need it for services like Bank access and transactions (better then a 6 digit pin). But then I prefer offline 2-factor Like Authy, Microsoft and Google authenticator apps. Most banks here have their own solution where they want to text you on your cell or call your home to give you a code. So that is not my cup of tea.
If you set up an app password in your Google security settings, and use that password in Thunderbird or other IMAP app, you don’t need to deal with the OAUTH process.
This is a very good point. To the best of my knowledge Application Specific passwords will bypass 2 factor authentication which is not ideal from security standpoint.
2 factor allows you to authorize applications per device
(e.g. i must perform 2 factor authentication the first timevi use bitwarden vault on a new computer).
I bet Google does do some profiling on the back end, such that if you login from halfway around the world, you might get an email notification if they also see you logged in somewhere else. Guess though.
And yes, “app passwords” is not “application specific passwords”. But a password to use in an application, rather than usual ways to log in to a service.
A 16 character app password will take around an estimated 1.5 hundred centuries at 100b guesses/second; maybe 14 years on a massive cracking array scenario doing 100 trillion guesses/second. This would be a lot of electricity and heat though.