[sylpheed:36932] Re: gmail auth problem

G.A. L.F. the.real.galf at gmail.com
Tue Aug 4 03:57:10 JST 2020


On 8/1/20, Anton Shepelev <anton.txt at gmail.com> wrote:
> Why on Earth does Google consider the time-honoured POP3 and
> SMPT protocols, implemented in all free mail clients, "less secure"?

Google considers the authentication mechanisms less secure because the
credentials are being sent over the communications channel (and yes,
they know fully well that POP3S uses TLS).  Google has been trying to
make this push for users to switch to using OAuth 2.0 API over
password-only authentication for quite some time now.

In fact, prior to the whole COVID-19 thing, Google had plans set in
place to do away completely with password-based authentication for
third party apps (for which Sylpheed would have no doubt have been
included).  I believe their early target date was February 2021 when
password authentication would no longer function with POP and IMAP
based protocols.  Unfortunatley, as far as I know, Sylpheed doesn't
support OAuth authentication -- although it may now, I don't know if
I'm using the most-recent release, so if anyone knows differently
please feel free to correct me.

Like I said, with COVID-19 rearing its ugly face on the scene Google
eventually scrapped their plans, at least for now, to do away with
password-only authentication.  If the Sylpheed maintainers decided to
implement the OAuth 2.0 API in a future release I wouldn't complain
(although I never do because I am a huge Sylpheed fan) :-)

-TRG


More information about the Sylpheed mailing list