[FFmpeg-devel] Project orientation

James Almer jamrial at gmail.com
Tue Jul 7 16:03:34 EEST 2020


On 7/7/2020 8:33 AM, Steinar H. Gunderson wrote:
> On Tue, Jul 07, 2020 at 01:30:52PM +0200, Nicolas George wrote:
>>> We don't live in a world of innocence. Enabling "less secure" applications
>>> is trouble waiting to happen.
>> Please don't believe that "less secure" applications are actually less
>> secure. The only thing they are less secure for is advertisers' business
>> model.
> 
> FWIW, the “less secure” part is about not supporting 2FA (POP/IMAP has no
> OAuth-like authentication methods).

This is not true. Thunderbird and i assume any modern IMAP/SMTP client
supports Oauth (which triggers the 2FA Gmail offers), so it's not one of
the "Less secure" applications Google warns you about.
And for those applications, like git send-email, they introduced the
"App passwords" that you can use to you login without Oauth and thus no
2FA prompt, without having to make any changes in security settings like
it was years ago.

> It is a very real concern -- for a large
> majority of users, enabling a good 2FA method would be the single most
> important thing they could do to improve their account security.
> 
> /* Steinar */
> 



More information about the ffmpeg-devel mailing list