Why is email authentication changing?

Topic

New Reply

ON SECURITY By Susan Bradley Throughout the lifetime of Internet-based email, we’ve been told over and over that it was dying, or soon to be dead. The
[See the full post at: Why is email authentication changing?]

Susan Bradley Patch Lady

3 users thanked author for this post.

MHCLV941, AlexEiffel, lmacri

Reply | Quote

Replies

Folks mainly use INTERNET based email? I hate that. I use Thunderbird since its inception. I hate having to try to troubleshoot an email problem because my ISP (most of my email addresses are ISP ones) will want me to login to the master account via the web and I detest having to do that. Ususally, I can find and fix the problem by telnetting into my ISP’s email server as email generally has few problems. I have a couple of nternet based email accounts that are non ISP ones and which have servers in Europe. I use those for sensitive email.

I’m not sure what “email comes to you” means. At least ISPs in the USA now allow 10 or so email addresses per account.

1 user thanked author for this post.

Fred

Reply | Quote

Most people use INTERNET based email? Yes, and we love it. Been using Microsoft’s internet email since 1999. Never once had to troubleshoot a problem. Even after cleaning out old emails that are no longer relevant  I still have many, many messages going back over the years to autumn ’99. They never lost a single message. Can have as many folders as desired. Can limit Inbox to only people/entities on my contact list; all else goes automatically to Junk folder which I briefly scan in case a new, wanted communication source makes contact. Even though Microsoft has changed the name of their internet-based email several times my original email address remains the same; continuity is a good thing. I can have messages forwarded automatically from other email accounts such as Gmail, etc. very conveniently. Regarding privacy in general, once anything has been uploaded to a server or website there is no privacy. For truly sensitive messages or data it is, of course, sensible to use encryption, yet most of us never have the need for that. Other web-based email accounts which i may use for registering at various forums or online shopping, etc. have also proven totally reliable over at least 10 or 12 years of use. The only times I had to manually move any messages were when leaving Netscape (remember them?) and Excite. In both cases I simply did “Select All” and forwarded the whole lot to my (now) Outlook.live account. I should point out that this is all personal stuff, not sensitive business accounts. BUT, from the convenience and reliability standpoint it’s what many millions of us experience all the time.

Just out of interest what sort of email problems have you needed to troubleshoot?

Reply | Quote

Pretty much all email is internet-based. You can have a complete internal email system within (say) a company’s LAN, but most of them are not like that. It’s the web-based interface we’re talking about here.

With webmail, can you read all your archived email messages when you don’t have an internet connection? Can you see and read all the emails you sent and received on accounts that no longer exist? Can you instantly get email from all your email boxes from different providers without any extra steps? Is the interface exactly the same from all the different email providers you may use, so that you don’t have to hunt for anything?

I have a bunch of email addresses I use regularly, and they are not all from the same provider. My primary one is from my ISP, which will exist as long as I have this ISP. It’s not the first ISP I’ve had… there have been a lot of them. They don’t all keep my email on their servers forever so I can reference them years past the point when I last paid them anything. When I cancel service with them, it all goes away.

You never know when a web-based email provider may decide to call it quits, or when they will begin deleting all archived mail older than a certain date, or when they will impose a stricter storage quota that means your archive will no longer fit completely. If your data is completely in their hands, it’s subject to their terms. They can always cut you off from sending new email if they wish, but they can’t delete data that isn’t under their control. When you own the storage, the quota is whatever you say it is. The retention policy is whatever you say it is, too.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon

1 user thanked author for this post.

wdburt1

Reply | Quote

Mele20 wrote:

I have a couple of nternet based email accounts that are non ISP ones and which have servers in Europe. I use those for sensitive email.

Very good. There are many people like you using Swiss or Norway or German based emailaddresses and VPN-connections.
Law-abiding citizens shouldn’t be tracked and traced by anyone, not even by Uncle Sam

* _ the metaverse is poisonous _ *

Reply | Quote

Would someone please come up with an “authentication” system for seniors!  Many do not use smart phones and/or have difficulty SEEING things on a small screen.  I do not want to have to go dig out my cell phone to log into something!!!! Even gmail wants me to set up a secondary authentication system – – all of which seem to require my PHONE!!!

 

7 users thanked author for this post.

MHCLV941, ctRanger, Charlie, Fred, wavy, Chris B, PKCano

Reply | Quote

Authenticator apps may require the use of a phone. But I have two email clients set up with App Passwords from four email providers. Once entered into the application, an App Password will replace the normal password and will be remembered. From then on, the authentication is automatic and never needs to be re-entered. There are also hardware USB keys or a password manager set up to work with an authenticator app or system. Those cost money and may take up a port on your device.

-- rc primak

Reply | Quote

You are way above the technology level of most seniors who know how to turn ON the computer and log into email – – and for many that is the extent of their knowledge!

1 user thanked author for this post.

rc primak

Reply | Quote

Have you looked into Yubikey?   You press a button on a usb keyfob.

Susan Bradley Patch Lady

1 user thanked author for this post.

wdburt1

Reply | Quote

Again, you are way past the technology level of your average 80+ year old senior.  And since many of them ONLY use the computer for email to family and friends – – WHY is secondary authentication such an issue??

I do understand that most younger people do banking and such on their computer, but there are a whole lot of people who email family and friends and MAYBE check grandkid’s facebook – – and that is ALL

Reply | Quote

In that case the simplest way is probably to place your cellphone on the desk or table where your laptop or computer keyboard is. If you can get into the habit of doing this it will definitely make the annoying authentication thing a bit less annoying! No extra gadgets required, just place the phone near your keyboard. Sometimes when I’m writing an email I stop and think – hey, it would be easier just to call the other person since my phone is right here!

And, regarding those small, hard to see words on your cellphone screen I’m happy to let you know that all these phones have a setting where you can enlarge the text to make it bigger and easier to read all the time. That same setting also lets you make the text bold if desired.  Please ask a friend, or customer service, or the store where you bought the phone and they will show you how to do that. In fact, if you can tell us the exact brand and model of your cellphone we can probably find step-by-step instructions for adjusting the text size and post it here for you. Cheers!

Reply | Quote

What about those who do not have a cell phone?  I know several seniors who still have only a landline.

1 user thanked author for this post.

analogkid

Reply | Quote

Then they will need an extra gadget such as Yubikey which they may have difficulty using, who knows? We can keep raising possible obstacles to participation, and there will always be some cases we just can’t fix.

A blind person goes to a restaurant. The menu isn’t printed in Braille, but the customer can ask the waiter to read him the menu. What if he’s deaf, too? Then he’d better have someone to assist him. This is a far-fetched circumstance, of course, and I don’t want to debate it’s particulars or its merits. The point is that you can’t make all technology convenient for all users, but said users might find a way to adapt to the situation if they truly desire to use the technology.

Personally, I’m still trying to adapt my skill to get past Level 3 on Far Cry, lol.

Reply | Quote

“Keep raising obstacles to participation?”

Advocates of coercive change would do better to step back and ask themselves whether it is possible that customers do not entirely share their objectives and lifestyle.  And thus whether it is wise to marginalize them this way.

 

4 users thanked author for this post.

MHCLV941, analogkid, WSruosChalet, DriftyDonN

Reply | Quote

My 93 year old Dad uses two factor.  He does banking online.

Susan Bradley Patch Lady

2 users thanked author for this post.

rc primak, Mr. Austin

Reply | Quote

Some do and that is wonderful.  I just worry about those we leave behind if we “force” 2 factor on everyone.  Make it available, recommend it, but leave room for those who cannot.

 

3 users thanked author for this post.

ctRanger, DriftyDonN, wdburt1

Reply | Quote

And your 93-year old dad does all that with no help from you?

Would be nice if every older person had a technology expert to help them navigate a world dominated by so-called ‘smart’ phones.

Soy Mayor, no Idiota!

1 user thanked author for this post.

analogkid

Reply | Quote

That’s what we’re here to do.  Help everyone navigate tech. 🙂

Susan Bradley Patch Lady

1 user thanked author for this post.

rc primak

Reply | Quote

They may want you to do it, but as long as you have the ability to say no, you can avoid it. I don’t and won’t use a phone to authenticate anything. I stopped using any Google accounts some time ago, but the last I used them, they still let me tell it NO when it tried to get me to add a phone number to the account.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon

2 users thanked author for this post.

Charlie, wdburt1

Reply | Quote

Susan Bradley wrote:

Have you looked into Yubikey?   You press a button on a usb keyfob.

That will go away with the coming of FIDO.

Reply | Quote

Yubikey also supports FIDO2

FIDO2 Passwordless Authentication | YubiKey | Yubico

Susan Bradley Patch Lady

2 users thanked author for this post.

rc primak, Alex5723

Reply | Quote

The Global Cyber Alliance offers some great resources on DMARC (which, in turn, relies on SPF and DKIM).  They have a nice, free, web-based training portal at:

https://edu.globalcyberalliance.org/courses/understanding-dmarc

They also offer an SPF / DMARC validation tool at:

https://dmarcguide.globalcyberalliance.org/#/

Another great, free, tool to monitor DMARC reporting is:

https://app.valimail.com

 

Reply | Quote

Susan,

Many many many thanks for the mention of EasyDmark.com. Been wondering why emails sent from my personal domain mostly wind up in folks’ junk/spam folders. Been looking for something like this literally for years. EasyDmark identified several things that can be improved. Calling my email and domain provider to get these fixed.

Thanks,
Bob

Reply | Quote

I was to understand that Outlook 2010 would stop working with Gmail yesterday. I t has not. I also understand that Outlook 2016 or 2019 WILL work with Gmail if 2010 stops. I also heard that “app passowrds” at Google Security might reinstate that in POutlook.

My other two primary emails are hosted on the host that has my website and a host on Mazon WS.

What do I need to be condcerned about?

I get several hundred emails a day through Outlook. Ho can I be sure none of these will be an issue?

Reply | Quote

I also got the “you may lose access” email from Google, so I changed nothing to see what would happen – mail still turns up as expected.

cheers, Paul

Reply | Quote

as for me. But iphone and iPad today are complainign about enterinf the CalDav passowrd being wrong for the Calendar, Need to figure that one out. its fine in  a browser, just not on devices. Hmmmm.

Hate this. Things work for years then not only break but little true direction to repair or modify.

1 user thanked author for this post.

rc primak

Reply | Quote

Get back to us in mid-June and let us know if 2FA is enforced on your Google accounts by then. My email only said that third party applications which log in with only the user name and password would stop working in early June. 2FA is necessary for the App Passwords to be used with my Google Account.

-- rc primak

Reply | Quote

Google finally changed my email so Thunderbird login no longer worked.

The fix is to change the TB connection method to Oauth2.
And allow cookies from https://accounts.google.com/.
Thunderbird > Preferences > Privacy and Security, Web Content, Exceptions

cheers, Paul

1 user thanked author for this post.

rc primak

Reply | Quote

OK, that was all too weird. Had to fdelete the CalDav account, then add my Google Account for the Calendar at Google (NOT Gmail account – they are different) then all back to expected.

Still ok with Gmail in Outlook at the moment  – knock on wood(y)!

Reply | Quote

Personally, I hate having to click on a two part auth. thing and then they only give you 60 seconds to pick up the phone (in my case my land line because my cell phone number is secret), write down a number they give me and then type it into the space provided, and click continue, or okay, or whatever.

As grandma78633 said – I mainly only use my email for family and friends so all this rigamarole is not necessary for me.  It was fortunate for me that I was able to opt out of this Two Part authorization.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

Thank you Susan. I’d a fast look at the article. For quite some time I’ve been syncing my iPhone contacts locally from a mothership computer’s Outlook via USB to the phone. What might you think the road ahead looks like for having a fairly secured iTunes installation on PCs? Merci.

Reply | Quote

Susan Bradley wrote:

My 93 year old Dad uses two factor.  He does banking online.

I’m younger than your dad ….but not by a lot and I think it is an insane risk for anyone to do banking on line. THAT’S what an iPhone with Face ID is for!

I don’t do two factor and the day Apple is stupid enough to decide to enforce that is the day I throw my iPhone in the trash. IMO there is WAY WAY TOO MUCH emphasis these days on two factor authentication. If something is so delicate, so private, etc. that two factor authentication is really needed, well, I think that something should remain entirely private and never, ever put on line. The current, almost total lack of common sense among USA citizens is utterly absurd especially given that this nation has refused to follow Europe’s guidelines and rules for privacy. Never thought I would live to see this sad situation in this once great nation.

2 users thanked author for this post.

Charlie, Fred

Reply | Quote

Mele20 wrote:

THAT’S what an iPhone with Face ID is for!

That is also used for subtle, digital enslavement, and one’s life is no longer one’s own. If you are interested in reading about that, LMK and I’d send you overview publications about it.

2 users thanked author for this post.

analogkid, Fred

Reply | Quote

We’re going a tad bit off topic and a bit conspiracy theory-ish.  As was pointed out earlier the bad guys find new ways to attack and we have to adjust. That’s all that is happening.

Susan Bradley Patch Lady

1 user thanked author for this post.

rc primak

Reply | Quote

Mele20 wrote:

Susan Bradley wrote:

My 93 year old Dad uses two factor.  He does banking online.

I’m younger than your dad ….but not by a lot and I think it is an insane risk for anyone to do banking on line. THAT’S what an iPhone with Face ID is for!

I don’t do two factor and the day Apple is stupid enough to decide to enforce that is the day I throw my iPhone in the trash. IMO there is WAY WAY TOO MUCH emphasis these days on two factor authentication. If something is so delicate, so private, etc. that two factor authentication is really needed, well, I think that something should remain entirely private and never, ever put on line. The current, almost total lack of common sense among USA citizens is utterly absurd especially given that this nation has refused to follow Europe’s guidelines and rules for privacy. Never thought I would live to see this sad situation in this once great nation.

Recent local history learns that everything I write here now will certainly be erased. The US hegemony has extended to this community, and perhaps beyond. I am also about your age, and have a lot of flying hours in IT_statesecurity; that made me realize that relativation is a prerequisite. As a European here I am very much erased by Kafkaeske-Correctors who think they have a claim to the absolute truth.
Your firm and outspoken opinion is still quite mild here I.M.H.O.

* _ the metaverse is poisonous _ *

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Any post that is moderated should get a notification of the reason.  Let me know if you are not receiving it.  No moderation is done without reason. If you have any concerns or issues you can email me at sb@askwoody.com.  We moderate to keep the forums healthy and to encourage civility.  Thank you for your understanding.

Susan Bradley Patch Lady

Reply | Quote

Why is email authentication changing?

The bad guys got smarter. The good guys must get smarter, too.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

1 user thanked author for this post.

rc primak

Reply | Quote

I’d opine the same things. This becomes a long-term game of Whac-A-Mole, and the Black Hats do things for sport and money.

Reply | Quote

Outlook has stopped grabbing GMail through IMAP as of about 10 minutes ago.

I may try the “app password” from Google whihc is reported to be a possible solution. Open tp suggestions.

1 user thanked author for this post.

rc primak

Reply | Quote

I used the google verify method under a different mail client. The google verify method works well, but the setup process is not obvious.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

1 user thanked author for this post.

rc primak

Reply | Quote

Unvelievable. It worked with Outlook. I would not have bet.

Here’s a link to the solution:

https://support.google.com/accounts/answer/185833

Had to enable 2 Step for the email account. Then piece of cake.

I’m shocked 🙂

 

2 users thanked author for this post.

rc primak, geekdom

Reply | Quote

I’m happy to hear it worked for you. When I encountered this problem around two months ago between Outlook and Google, I switched my mail servers away from Google. Problems solved. My domains are not registered through them, but through a different registrar. I prefer that Google doesn’t track my private metadata.

Reply | Quote

Fred wrote:

* get out of the poisoned Metaverse *

Master Fred, Who has your favorite, written guide to doing that?

Reply | Quote

MY Jubilation was short lived.

Each time I close Outlook and reopen., it tells me the app pasword is needed and I have to generate another. I was not saving the app specific password but now trying that. If this does not work this is a big problem for me. Outllok freezes until I input a new password.

Reply | Quote

Those are the exact symptoms I saw between Outlook and Google. Google changed its authentication methods.

For my needs, my fix was to get away from Google servers, and instead running my e-mail through the mail servers of my usual registrar. It worked quite smoothly. I called up my registrar on a Friday evening, they made the MX record changes for me, and the propagation time across the web was quite short because that registrar is behemoth. Of course, you either will or won’t feel like migrating your MX records and mail service away from Google would be an option for your very self.

Reply | Quote

Worked once. Tonightor tomorrow will tell the tale.

If i remeber what I read, Google says the password will only be needed once and no need t save. That may not be true. May need to be saved in Outlook in place of the account login password. I think (hope) that is what is going on.

Reply | Quote

The password must be saved to your email client. I would advise you keep a written copy or use password saver if you have to change or rebuild your computer. I saved my password in my mail client and made a copy of it elsewhere.

I use IMAP; the instructions below discuss POP3, but it’s all the same process.

Here is another thread on the same gmail topic where additional instructions have been provided:
https://www.askwoody.com/forums/topic/accessing-gmail-from-outlook-2019-pop3-account-as-a-secure-application/

If you just want instructions:
https://www.askwoody.com/forums/topic/accessing-gmail-from-outlook-2019-pop3-account-as-a-secure-application/#post-2438442

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

1 user thanked author for this post.

rc primak

Reply | Quote

An App Password has to be entered into the account profile and saved. It’s useless if it isn’t saved. From then onward you only click to check mail for that account. No password prompt will appear.  Sorry if I wasn’t clear on that point earlier.

-- rc primak

Reply | Quote

[Fred]

rc primak wrote:

Get back to us in mid-June and let us know if 2FA is enforced on your Google accounts by then. My email only said that third party applications which log in with only the user name and password would stop working in early June. 2FA is necessary for the App Passwords to be used with my Google Account.

rc_primak:  5 days ago all my gmail accounts were only allowed to login to check and send email with 2FA with the mobile google_email app and the pc Thunderbird with AoT-authentication set. (For some reason I don’t use Microsoft Office Outlook)… 2Days back the whole authentication procedure was back where it was before.
I reccon that lots of people had problems using their Gmail. Using European-based email like Vivaldi Protonmail and some German-email-addresses will hopefully protect users from this use of data arbitrariness .

 

* _ the metaverse is poisonous _ *

• This reply was modified 11 months, 3 weeks ago by Fred.

1 user thanked author for this post.

rc primak

Reply | Quote

Fred wrote:

5 days ago all my gmail accounts were only allowed to login to check and send email with 2FA with the mobile google_email app

I use Gmail app on my iPhone and Chrome for Gmail on my PC and never been asked for 2FA.

1 user thanked author for this post.

rc primak

Reply | Quote

What I wrote: from that time I ONLY could read and send using the GMail-app on the phone. Meaning before that I did NOT use the GMail-app or Chrome.
Right now when the connection has been set as before, I certainly will neither use the Gmail app on the phone nor the Chrome browser (on the phone and Windows-pc or Linux-pc).

* _ the metaverse is poisonous _ *

Reply | Quote

Alex5723 wrote:

I use Gmail app on my iPhone and Chrome for Gmail on my PC and never been asked for 2FA.

Same here (although I did have to switch Thunderbird to 0Auth2 last month for it to keep working.)

1 user thanked author for this post.

rc primak

Reply | Quote

I also use 3rd party app, MailStore, that logs-in to my Gmail account downloads and backups mail. No 2FA required so far.

2 users thanked author for this post.

rc primak, Fred

Reply | Quote

And once again: gmail returned to their “new authentication method” . On the Android12 phone I am obliged to use the gmail-app…. and now google/gmail is combining all;  who did ask for that? I certainly did Not.

Happy anough on the pc Thunderbird still uses the email accounts seperately, as it used to

So I am looking (again) for software/app that handles each account seperately on the smartphone.

Does anyone have an idea of an emailclient on android that is accepted by google and handles the emailaccounts seperately?  Thanks in advance!

* _ the metaverse is poisonous _ *

1 user thanked author for this post.

rc primak

Reply | Quote

Fred wrote:

So I am looking (again) for software/app that handles each account seperately on the smartphone.

Have you tried Microsoft’s Outlook ?

Reply | Quote

Thank you Alex. I haven’t used Microsoft Outlook for a long time, and if possible I will not. But if necessary I will.

I will first try other options if there are, I hope. In the mean time I am switching to some in EU based emailhandlers. (All Google and Microsoft ea have collected too much personal data already).

* _ the metaverse is poisonous _ *

Reply | Quote

Try free Edison Mail

https://www.edisonmail.com/

Works with email providers including Gmail, Yahoo Mail, AOL Mail, Hotmail, Outlook, Exchange, IMAP, Alto, iCloud, and others.

1 user thanked author for this post.

rc primak

Reply | Quote

Thanks Alex! , I will try this 🌷.

Gives me something  to do 🙂

* _ the metaverse is poisonous _ *

Reply | Quote

rebop2020 wrote:

I was to understand that Outlook 2010 would stop working with Gmail yesterday. I t has not. I also understand that Outlook 2016 or 2019 WILL work with Gmail if 2010 stops. I also heard that “app passowrds” at Google Security might reinstate that in POutlook.

My other two primary emails are hosted on the host that has my website and a host on Mazon WS.

What do I need to be condcerned about?

I get several hundred emails a day through Outlook. Ho can I be sure none of these will be an issue?

If I were you, I’d take advantage of this apparent grace period and get things sorted out. The newer versions of Outlook will work but you may have to make a change or two to your email account settings in Gmail, mainly the one about “less secure apps”, though that might not be visible any longer. Also, ensure your default browser is a “modern” one, e.g., Edge, Chrome, Firefox and that it’s updated to the current release.

As for Outlook, use File –> Account Settings –> Account Settings –> New and follow the steps in the wizard. Frankly, I don’t fully understand what’s happening behind the curtains, but the end result is your Gmail account is added as IMAP/SMTP. (And no, you apparently cannot add it manually.)

The most annoying thing is that you end up with a separate Inbox for each Gmail account (apparently IMAP does not believe that sharing is caring).

Reply | Quote

rc primak wrote:

Get back to us in mid-June and let us know if 2FA is enforced on your Google accounts by then. My email only said that third party applications which log in with only the user name and password would stop working in early June. 2FA is necessary for the App Passwords to be used with my Google Account.

Web login does require but with an option to remember the computer. Outlook 365 (the program) is not getting it.

1 user thanked author for this post.

rc primak

Reply | Quote