Does that mean if my password is compromised, someone could access my e.email by connecting to the IMAP/SMTP server directly (not from ecloud), bypassing 2FA?
Would it be possible to secure the emails with an app password, for example? I feel reluctant to using e.email without a second layer of protection.
I’m not sure but I think this happens when you activate 2FA:
Enabling 2FA locks you out of every application which does not support a second input field like a 2FA TOTP. For these applications you need to create a special “application-password”. This is a seperate password which allows access to e-cloud without 2FA TOTP, but it cannot be used to login via Browser and access any settings as you need to authenticate with the real password and TOTP.
You also have a login history of your devices, so you can detect if an application you don’t know log in to your account.
Other email provider have the same problem mit IMAP, some give you the option to disable access with any other app than a browser.
I really like the service, but having the email without 2-factor authentication is very bad. It would be great if it could inherit Nextcloud 2-fa (I even use it with an hardware device, with password specific apps and so on…) but, it this is not possible, having at least the possibility of setting client specific aps just for the email part would be a good thing.
Hello, I am currently trying out Murena workspaces and I am also a bit concerned about the missing 2fa for the email. There seems to be no news to this topic since the last entry in this disscusion here. Are there any news on this topic in 2026? Or if this is planned in the near future?
