I’ve successfully set up 2FA on my /e/ account and device.
However I’m wondering about the safety of emails:
Does that mean if my password is compromised, someone could access my e.email by connecting to the IMAP/SMTP server directly (not from ecloud), bypassing 2FA?
Would it be possible to secure the emails with an app password, for example? I feel reluctant to using e.email without a second layer of protection.
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services
I’m not sure but I think this happens when you activate 2FA:
Enabling 2FA locks you out of every application which does not support a second input field like a 2FA TOTP. For these applications you need to create a special “application-password”. This is a seperate password which allows access to e-cloud without 2FA TOTP, but it cannot be used to login via Browser and access any settings as you need to authenticate with the real password and TOTP.
You also have a login history of your devices, so you can detect if an application you don’t know log in to your account.
Other email provider have the same problem mit IMAP, some give you the option to disable access with any other app than a browser.
App passwords do work as intended with eCloud apps, but can we set one for the email account?
I just tried adding my @e.email in a client, all that’s needed are the address and password.
So even though my eCloud is secured with 2FA (settings, files, calendar etc.), the email account (IMAP/SMTP) can be accessed with one factor only.
It would be very nice to increase the security with TOTP, this is a big missing feature.
Do you know where we could request feature ?
TOTP is available, but not for IMAP/POP3 email clients.
yes I understand that, just to be sure, the webmail client is only Rainloop under nextcloud right ?
I really like the service, but having the email without 2-factor authentication is very bad. It would be great if it could inherit Nextcloud 2-fa (I even use it with an hardware device, with password specific apps and so on…) but, it this is not possible, having at least the possibility of setting client specific aps just for the email part would be a good thing.