You could use third party clients with 2FA enabled in the past (at least I could). I think I used my normal password for the clients, so no real 2FA on that side, but that’s no different from the new app specific passwords. IMAP doesn’t allow 2FA so every mail provider allowing third party clients essentially has a weak point with no 2FA there.
GreatBlue@infosec.pub 6 months ago
Basically, yes, they couldn’t use them. The old 2FA had a really weird implementation…
20nat@feddit.it 6 months ago
This is just wrong, you used the main account password instead of an app password
Rogue1633@discuss.tchncs.de 6 months ago
You could use third party clients with 2FA enabled in the past (at least I could). I think I used my normal password for the clients, so no real 2FA on that side, but that’s no different from the new app specific passwords. IMAP doesn’t allow 2FA so every mail provider allowing third party clients essentially has a weak point with no 2FA there.