I don't think it's mutt that needs to use Google's dual authentication, it's the user of Mutt. I have had no issues using Google's dual authentication in several years, since Linux Foundation first started requiring it some years ago. In fact Google's dual authentication has become less onorous in recent months. I've not been asked to reauthenticate in some time, across several system reboots. If your IP address stays stable, I think you'll find similar ease. About 6 weeks ago I got a new Android phone. That prompted a validation request, i.e. I'm confident authentication is still functioning. I have used both Google's voice call second factor, as well as its SMS. Assuming I'm home, I much prefer the former. From within Firefox, after logging in with account ID and password, A google bot calls my voice phone and reads out a 6 digit code for me to enter in the web form. From there a TAB to Submit followed by Enter, and I'm in. Because I've also chosen to register a few of my smart phone devices, I may get a popup toast message on a registered device asking whether it was really me that just tried logging in on my account. I can simply double-tap the "Yes, that was me" button, and I'm in. This is what I did on my old phone when I first brought my new phone on Google. Needless to say, the new phone is now also registered. Now I don't use Google's smtp as I have my own. However I would expect similar behavior, meaning that you're logged in and registered with the device you intend to use for outbound mail. It'll store your IP address, and whatever additional machine identifying info it tracks--that I don't know. Beyond that it's looking for a TLS cert, but I believe any valid TLS should do the job. Personally, I wouldn't want them to simply accept outbound mail, without some kind of authentication. That would only serve as a vector for spam amplification. hth Janina Justin Skists writes: > > On 11 June 2018 at 01:14 Chuck Hallenbeck <chuckhallenbeck@xxxxxxxxx> wrote: > > > Anybody else able to use gmail.com with that security feature > > disabled, as google advises? Suggestions appreciated. > > Unless mutt and co. start using Google's OAuth and two-factor authentication (like some of the newer GUI clients), it may be impossible to continue to use gmail.com for SMTP and IMAP unless you keep the insecure security settings. > > I used to use gmail.com as my kernel development address, but then I started migrating away from it after seeing this news article suggesting that gmail was becoming more-and-more a walled garden: > > https://www.theregister.co.uk/2018/04/16/google_gmail_security/ > > > Justin. > _______________________________________________ > Speakup mailing list > Speakup@xxxxxxxxxxxxxxxxx > http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup -- Janina Sajka Linux Foundation Fellow Executive Chair, Accessibility Workgroup: http://a11y.org The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI) Chair, Accessible Platform Architectures http://www.w3.org/wai/apa _______________________________________________ Speakup mailing list Speakup@xxxxxxxxxxxxxxxxx http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
