Why can't modern authentification be used instead ...

pamelapuk · ‎23-04-2023

I understand that TLS 1.0 and TLS 1.1 encryption protocols are insecure but my Thunderbird client is set up for TLS 1.3 - why can't BT use that for its btconnect accounts? Or why can't they use OAuth2? Is this only web access for btconnect really necessary due to Microsoft changes or are we being misled?

rachelgomez123 · ‎25-04-2023

Modern authentication methods such as OAuth2 and two-factor authentication (2FA) can be used with POP3, but they do not address some of the fundamental security limitations of POP3.

One of the main limitations of POP3 is that it does not provide end-to-end encryption for emails. This means that emails are transmitted in plain text, making it easy for attackers to intercept and read the contents of the messages. While modern authentication methods can help to prevent unauthorized access to email accounts, they do not address this encryption issue.

Another limitation of POP3 is that it does not support the synchronization of emails across multiple devices. This means that if you access your email from multiple devices, you may end up with different copies of your messages on each device. Modern authentication methods do not address this issue either.

Therefore, while modern authentication methods can improve the security of POP3 to some extent, they do not address all of the security and usability limitations of the protocol. As a result, many organizations have moved away from POP3 in favor of more modern email protocols such as IMAP and Exchange ActiveSync, which provide better security, synchronization, and other features.

Regards,

Rachel Gomez

pamelapuk · ‎25-04-2023

@rachelgomez123

Thanks for explaining this. I understand we won't be able to use IMAP with btconnect - why is this not going to be possible?

Why can't modern authentification be used instead of abandoning POP3?