Allegedly, on or about 24 December 2018, home user via users sent: > 2. What are the advantages, disadvantages, and security risks of each > of the 6 authentication methods offered by Thunderbird for yahoo e- > mail? You can only use the options that the ISP supports as well. Which probably means only one or two out of the list. Look them all up on Wikipedia, if you want mostly understandable explanations of each of them. Normal password is the common plain-text/unencrypted username and password logon scheme as used with POP/IMAP for many years. Though, when you enable secure logon features (like TLS), an encrypted connection is set up, first, and the transmitted data will go through it *ALL* encrypted. Kerberos is an authentication scheme that's probably only going to be available within an office LAN. NTLM was a Microsoft scheme. GSSAPI and OAuth2 are processes of how to handle logons. I've never used any public mail system that uses any of them (or advertises that they do). SSL/TLS will use encryption to log on (your username and password will not be sent in the clear), and for transmitting the message (the connections are encrypted). TLS is supposed to be better than SSL. But what you're doing is sending unencrypted content through a secured channel, either side of the connection between yourself and your mail server, the message is readable by anybody who can manage to look at it. Remember that most mail goes unencrypted between the different mail servers in the world. If you require privacy, then you need to encrypt your messages using something like GPG/PGP. Both sides of the conversation need to understand how to use it. Certificates (depending on context) will either use a certificate instead of username and password, or will simply be the verification of the encryption used by the server (like when using HTTPS on the WWW) before the logon process starts, or used for encrypting the entire message. Some schemes simply encrypt the logon procedure, for user security, but the actual transmission of messages isn't encrypted. So, if you were working in an insecure LAN, for instance, messages could be read by snooping on the data. Be aware that it's possible to configure encryption, or not, separately for receiving and sending mail. If you require it, pay attention to what you're configuring. -- [tim@localhost ~]$ uname -rsvp Linux 4.16.11-100.fc26.x86_64 #1 SMP Tue May 22 20:02:12 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. Error: unable to decode remainder of message. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
