You could use third party clients with 2FA enabled in the past (at least I could). I think I used my normal password for the clients, so no real 2FA on that side, but that’s no different from the new app specific passwords. IMAP doesn’t allow 2FA so every mail provider allowing third party clients essentially has a weak point with no 2FA there.
Comment on Mailbox.org now has normal 2FA
GreatBlue@infosec.pub 1 week agoBasically, yes, they couldn’t use them. The old 2FA had a really weird implementation…
Rogue1633@discuss.tchncs.de 1 week ago
20nat@feddit.it 1 week ago
This is just wrong, you used the main account password instead of an app password