|
|
Email Account Login Security (IMAP)
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I'm a little concerned about email password security. On my MobileMe account, for example, my incoming mail authentication is encrypted. However, when I authenticate to send messages out, the only way I can authenticate is with my user name and password without encryption. So my assumption is, while my account login may well be secure when I fetch messages, sending anything out defeats my security because my login is being sent out in the clear.
Whenever I've attempted to use secure SMTP login, my SMTP has failed. Is there something I'm doing wrong, or is this an oversight on the server side that makes users vulnerable to login sniffing?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2001
Location: San Francisco, CA
Status:
Offline
|
|
Try setting your SMTP port to 587, instead of using the default ports (if you are using Mail.app). That should work with SSL...
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2002
Status:
Offline
|
|
On my computers, the MobileMe SMTP server is set to use SSL, so it should work. I left the port configuration at the default. What exact error are you getting when you try to use SSL?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Technically outgoing mail authenticate is not encrypted with SSL, it is encrypted with TLS, unless you use a really old ass email program like Outlook Express Windows or Entourage v.X. Mail just refers to the encryption as SSL even though it in fact isn't.
port 587 + TLS is pretty common, if others say that MobileMe is setup that way I would not be at all surprised.
I'm surprised that Apple even permits unencrypted authentication. That's frankly pretty lame.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Okay, for example, I'm using Windows Live Mail (the replacement for Outlook in Windows 7). Currently I have under Outgoing Mail Server the setting checked "My server requires authentication." When I click settings i see that the first radio box is active, "Use same settings as my incoming mail server"
and the option to "Log on using secure password authentication" is dimmed. I guess that means my password is going out in the clear.
I think Windows Live Mail's configuration interface isn't optimal, but when I tried to give it my Account Name and Password again and click to log on using secure authentication, it failed every time. There's no advanced setting for TLS or port numbers that I can find. I used to use Opera's mail client until it stopped checking mail reliably, but with it I could still only do basic login. (I first tried Thunderbird but no matter what I did it couldn't send mail out at all.)
I'll have to look at my settings in Mail on my MBP tomorrow to see if it uses secure SMTP. I think it does, but I can't figure out why Windows clients can't handle it. Could it possibly be a MobileMe Apple quirk?
Quick Edit: Okay, I reviewed my configuration in Opera and it was set for SMTP encryption. Apparently it was just Microsoft's lame mail client. I also now have seen that Opera 11 is reliably fetching my mail again, so I guess I'll just switch back. Sorry for jumping to the wrong conclusion that Apple was at fault.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by Big Mac
Okay, for example, I'm using Windows Live Mail (the replacement for Outlook in Windows 7). Currently I have under Outgoing Mail Server the setting checked "My server requires authentication." When I click settings i see that the first radio box is active, "Use same settings as my incoming mail server"
and the option to "Log on using secure password authentication" is dimmed. I guess that means my password is going out in the clear.
Secure Password Authentication is some Microsoft thing that doesn't seem to be used much, if at all. This is totally different than SSL/TLS encryption.
I think Windows Live Mail's configuration interface isn't optimal, but when I tried to give it my Account Name and Password again and click to log on using secure authentication, it failed every time. There's no advanced setting for TLS or port numbers that I can find. I used to use Opera's mail client until it stopped checking mail reliably, but with it I could still only do basic login. (I first tried Thunderbird but no matter what I did it couldn't send mail out at all.)
You definitely don't want Secure Authentication checked for the vast majority of ISPs, including MobileMe. Login will fail with this checked.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|