Post AJYYlLhmGHHHS901Tc by kev@fosstodon.org
 (DIR) More posts by kev@fosstodon.org
 (DIR) Post #AJYYlLLnZzhGLyiTDc by tulpa@fosstodon.org
       2022-05-17T21:06:57Z
       
       0 likes, 0 repeats
       
       It's common wisdom to secure your important accounts with 2FA. Your primary email is very important, because it can be used to do password resets on your other accounts. Therefore, it makes sense to use 2FA on your email.IMAP does not support 2FA. So if you want to use IMAP, you need at least one single-factor password available. Thus defeating the 2FA.How do you reconcile these two things?
       
 (DIR) Post #AJYYlLhmGHHHS901Tc by kev@fosstodon.org
       2022-05-17T22:02:19Z
       
       0 likes, 0 repeats
       
       @tulpa app specific password is the closest you will get. Or, disable IMAP and don’t use it.
       
 (DIR) Post #AJYYsaQxtlcLA1aR6m by sanchez@fosstodon.org
       2022-05-17T21:55:06Z
       
       0 likes, 0 repeats
       
       @tulpa Don't use email to reset passwords on other accounts. Don't make email account very important. It wasn't created for this purpose.
       
 (DIR) Post #AJYYsawA1mZSimBLjU by kev@fosstodon.org
       2022-05-17T22:03:38Z
       
       0 likes, 0 repeats
       
       @sanchez @tulpa how on earth can that be done when it’s the service providers who require an email for PW resets.
       
 (DIR) Post #AJYZLrtQ47orhrrHwe by sanchez@fosstodon.org
       2022-05-17T22:08:57Z
       
       0 likes, 0 repeats
       
       @kev @tulpa Hehe. That's irony of this whole situation.In ideal world nobody won't require e-mail for PW resets and it would be common wisdom. Everybody knows that email and security in one sentence sounds at least weird.Some solution would be to have primary email for non-important, non-password related communication, and secondary e-mail on services listed by @tulpa just for those silly PW resets.