Educause Security Discussion mailing list archives

Re: Back on topic.... Re: [SECURITY] University credentials used by third parties

From: Mike Porter <mike () UDEL EDU>
Date: Wed, 25 Aug 2010 14:53:17 -0400

On Wed, 25 Aug 2010, Jesse Thompson wrote:

On 08/25/2010 10:55 AM, Mike Porter wrote:
What was the violation?
The obvious, unless you consider double standards a violation.
The problem that users woud need to store a password, likely the regularone, at gmail in order to use imap?
right.
We ended up with a convoluted system to avoid some of those issues.
Care to elaborate? I presume that the only solution to this problem is torequire token-passwords for IMAP in lieu of the real passwords.


Yes.  The user can chose to send their "real" password, a random
password we will reveal to them, or a completely different password.

This causes lots of confusion.

But, not as much as Google's decision to block API based forward
setting with 0 days notice.  I'm still living with the changes that
caused.

You do get what you pay for...

Mike


Jesse


-
Mike Porter
PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA  2F D2 37 F3 99 ED D1 C2

Current thread:

Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties, (continued)
- - - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 24)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties David Gillett (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Semmens, Theresa (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Eric Case (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Adam Carlson (Aug 25)
    - Experience with EPO and endpoint encryption David Grisham (Aug 25)
    - Re: Experience with EPO and endpoint encryption Gibson, Nathan J. (HSC) (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
    - Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Darren Fallis (Aug 24)
- Re: University credentials used by third parties Guy Pace (Aug 17)
  - Re: University credentials used by third parties Greg Schaffer (Aug 17)
- Re: University credentials used by third parties Adam Carlson (Aug 17)
  - Re: University credentials used by third parties Flynn, Gary - flynngn (Aug 17)
- Re: University credentials used by third parties Martin Manjak (Aug 18)
  - Re: University credentials used by third parties Paul Kendall (Aug 18)
    - Re: University credentials used by third parties Bradley, Stephen W. Mr. (Aug 18)
    - Re: University credentials used by third parties Bristol, Gary L. (Aug 18)
    - Re: University credentials used by third parties Ken Connelly (Aug 18)

(Thread continues...)