I would have to also hack the email client since I don't enter my 20 character high entropy password when I send or retrieve email.
You really need an email standard to integrate TOTP. To be realistic, you need Gmail to use it. Whatever Gmail wants is essentially a defacto standard. I live in the real world, so whatever Google wants, I comply. Original Message From: jtam.h...@gmail.com Sent: October 27, 2020 3:57 PM To: dovecot@dovecot.org Subject: Re: SV: Looking for a guide to collect all e-mail from the ISP mail server On Tue, 27 Oct 2020, Sebastian Nielsen wrote: > Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients. You can bodge it for HOTP/TOTP hardware token generators. Dovecot allows custom plugins to check passwords. The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to check validity. Joseph Tam <jtam.h...@gmail.com>