On Friday March 04 2022 14:22:27 A. F. Cano wrote: >If you run the FreedomBox in a standalone box as the gateway/firewall, >like I do, and the email server is on it, it is not in your lan. The
I don't know where you are, but here internet connectivity is provided through modem/routers that are provided by the ISP, and have the firewall etc. installed. It's their property running a firmware they provide and keep up to date, and that makes updating (and hopefully also breaches and the like) their problem as long as I don't do anything too wild with the configuration. With the default set-up the entire LAN is invisible from the outside world, except for devices that know how to tunnel to the outside (I had a surveillance camera for our puppy that did this). TBH that suits me just fine! It turns out that after activating 2-factor auth you indeed get the possibility to define app-specific passwords. Just like with Apple's iCloud you can use those pws to log in with your username. And as with iCloud, there's nothing app-specific in these passwords; you can define one of them and use it with each and every app you want, from each and every host you have. The only additional security you get is that these are random, strong passwords (but if you define 10 of them that increases the chance to brute-force one by a factor 10, I think). Well, that, and someone who does guess the pw cannot lock you out, I presume. I did not (yet) get a warning email on the account where I had that enabled, so we'll see on May 30th if this continues to work. R
