OAuth

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
https://www.att.com/esupport/article.html#!/email-support/KM1240462

It appears that I will no longer be able to access my emails with Outlook 2013, 2016 or the Thunderbirds, etc.
All I can find easily on the OAuth is about servers and technical stuff. :( Will all email services start using this system soon?
Is there an explanation of this system that I can understand from the consumer privacy perspective?
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,327
Location
Gold Coast Hinterland, Australia
It looks like AT&T are updated their authentication technology for direct connections, either:
a, update to a client that support OAuth authentication, OR
b, create a Secure Email Key and use this in lieu of your normal password when configuring IMAP/POP3 access in your current email client.

https://www.att.com/esupport/article.html#!/email-support/KM1240308?gsi=5msjyd

Nothing special about the latter, it's just a fancy way of saying 'rather than using your normal password for IMAP/POP3 access, we create a unique password for that access method'.

(Note: The latter is what Google require you to use, if accessing gmail via IMAP/POP3).
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
Gmail/GSuite still lets you disable that annoyance:

Settings - Google Account Settings - Security - Less secure app access

AFAIK, it's only useful if your phone is stolen - and you don't have a lock on your phone. Happy for someone to logically explain how a separate password helps otherwise.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
What prevents the OAuth from reading the emails or distribution of the passwords?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
The OAuth is just a token system that allows you access, it doesn't read the emails. If AT&T is hosting your email and also the OAuth service...they have access to your emails anyway.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,327
Location
Gold Coast Hinterland, Australia
This is only useful in the situation were you are using your ISP's email service.

Typically, the user account/password for both account administration and email are the same, ergo if someone has your password extracted from your email client, they could potentially login into the customer account portal and modify your account. For someone like AT&T or any other major telco, this could include purchasing new mobile phones, setting up new accounts, etc.

By enforcing different passwords for email and the user account (in the customer portal), means if the password used for email is acquired by 3rd parties, doesn't allow the person to access your overall account settings and do other things as well. (eg purchase new mobile phone) All that is lost, is access to the email component of the service.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
Thunderbird does support OAuth, but I've only used it in connection with Gmail.

I wouldn't put it past AT&T to use something non-standard or out of date which isn't compatible, however.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
Maybe ATT is off the Oath now? All these big telco shenanigans are why I mostly use the 3rd party emails.
It's just that there are too many old ATT and Verixons emails to find them all.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
Why did you leave the messages on the telco servers?

I've always downloaded my messages, so Thunderbird now manages about two decades' worth in email.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
Why did you leave the messages on the telco servers?

I've always downloaded my messages, so Thunderbird now manages about two decades' worth in email.

No, it's not that. I normally use the POP 3 to download and delete, except on all the cellphones. For many years I used Verizon and some ATT email addresses for various websites.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
Other than that I won't be able to retrieve any new emails on the ATT SBClobal account after they implement the OAuth?
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
Yeah, that's the most likely outcome. I hope it doesn't become an industry standard in my lifetime.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
I'm guessing that you're dead already, then.

You may want to check if Gmail will fetch the mail for you. I haven't set it to up with any other accounts since the days of POP, so I don't know what it supports now.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,624
Location
USA
Do you mean that everyone will start using the OAuth soon? I don't use the GMail except to set up a cell phone.
 
Top