alexandregz / twofactor_gauthenticator

This RoundCube plugin adds 2-step verification (OTP) to the login process
MIT License
216 stars 76 forks

Need to consider how to set up alternative passwords for IMAP/POP3 and SMTP #75

Closed ravenstar68 closed 7 years ago

ravenstar68 commented 7 years ago

Hi

I've installed this plugin today. While a good start, it needs improvement. I'm not a programmer so I'm not sure how it's implemented though.

When using 2FA with Gmail and Outlook, the main login password is disabled for IMAP/POP3 and SMTP clients. Instead they use a system whereby they create random app passwords for clients that don't support OAuth, with several different App passwords being applied so you can set up different apps without them actually revealing the previous password.

Currently your system will keep hackers out of Webmail, but does not protect the underlying servers, should the password be exposed.

Tim

alexandregz commented 7 years ago

Hi ravenstar68: I know this issue but the software is just a Roundcube plugin (closed issue #12). I think this issue is for sysadmins more than the plugin itself.

Thanks for the feedback!
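
The app-password scheme discussed in this thread, sketched as an added example (it is not code from the plugin or from Roundcube): the mail-protocol login path accepts only per-client random passwords, each stored hashed and revocable on its own. The class, function and label names are hypothetical, and the in-memory dictionary stands in for whatever authentication database the mail server uses.

```python
import hashlib
import hmac
import secrets


class AppPasswordStore:
    """Hypothetical per-client password store (assumption, not the plugin's code)."""

    def __init__(self):
        self._entries = {}  # (user, label) -> (salt, digest)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, user, label):
        """Create a random password for one client; it is shown to the user once."""
        password = secrets.token_urlsafe(18)
        salt = secrets.token_bytes(16)
        self._entries[(user, label)] = (salt, self._hash(password, salt))
        return password

    def revoke(self, user, label):
        """Remove one client's password without touching the others."""
        return self._entries.pop((user, label), None) is not None

    def verify(self, user, candidate):
        """Return the label of the matching app password, or None."""
        matched = None
        for (owner, label), (salt, digest) in self._entries.items():
            if owner != user:
                continue
            if hmac.compare_digest(self._hash(candidate, salt), digest):
                matched = label
        return matched


def authenticate_mail_client(store, user, password):
    """IMAP/POP3/SMTP path: the main webmail password is never consulted here,
    so exposing it does not open the mail protocols."""
    return store.verify(user, password)


if __name__ == "__main__":
    store = AppPasswordStore()
    phone = store.issue("tim", "phone")  # constructed sample user and label
    print("phone client accepted as:", authenticate_mail_client(store, "tim", phone))
    store.revoke("tim", "phone")
    print("after revoke:", authenticate_mail_client(store, "tim", phone))
```
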