Many thanks, Philip. I'm confused, though. First of all, I've just looked up oAuth on Wikipedia and the explanation of how it works went over my head - I don't understand how it can be possible for my to authorise access without supplying a password.
But secondly, whenever I log into Google or Chrome or Gmail, I am asked for a password - so if Google themselves make me type my password, in order to sign in, how is that any different from me typing my password in the K-9 Mail sign-in screen when adding my Gmail account to K-9 Mail? Finally and most importantly for me in the short term, are there any serious risks for me if I choose the setting to turn on on access to "less secure" apps that Google offered me but said it didn't recommend me to choose? Or can I safely do this? As a follow-up to the last question above, if you do consider that it's safe to choose this setting but consider that it will be safer still to change it once K-9 Mail incorporates oAuth, will it be straightforward for me to change the setting then? I can't see any way to get to webpage where the setting is, other than by following the link from the email Google sent me, which won't be a valid link in the long term. Dave On Wednesday, 18 January 2017 15:54:33 UTC, Philip Whitehouse wrote: > > The less-secure sign in means an app that doesn't use OAuth and instead > require you to provide your password. > > I've done some work to support this in K-9 ( > https://github.com/k9mail/k-9/issues/655). pEp have chosen to merge this > code, despite the fact it's fairly unfinished. K-9 needs some UI work and > testing of this feature, that will hopefully land in a future stable > release. > > Other apps may implement the protocol, I'm not sure which though. > > - Philip Whitehouse > > On Tuesday, 17 January 2017 22:49:41 UTC, Dave Rado wrote: >> >> I'm trying to add my recently created Gmail account as a second email >> account in K-9 Mail, but when I tried to add it, I was prevented from >> signing in - the sign-in screen said that my password was incorrect, >> although it wasn't; and a few seconds later I received an email from Google >> saying: >> >> "Google just blocked someone from signing into to your Google account >> from an app that may put your account at risk." Then if I click the link to >> confirm that it was me who had tried to sign in, it took me to a webpage >> that states: "Some apps use less secure sign-in technology which makes your >> account more vulnerable. You can turn off access for these apps, which we >> recommend, or turn on access if you want to use them despite the risks." >> >> >> It then gives me the option to turn on access to "less secure" apps (not >> just to K-9 mail but to *all "*less secure" apps, which I find scary). >> >> Interestingly, I was able to add my Gmail account to the stock Android >> email app without any problems, so presumably that app uses what Google >> regards as a "more secure sign-in technology" - but I don't like the stock >> email app, which is why I got K-9 Mail in the first place. >> >> Does Google have reasonable grounds for claiming that K-9 Mail "uses a >> less secure sign-in technology"? Are the risks real or imaginary? And if I >> select the option to turn on access to *all* less secure apps, am I >> taking a serious risk? If so, what non-Google email clients for Android are >> available that use what Google would regard as a "more secure sign-in >> technology" and which have comparable functionality to K-9 Mail? >> >> Dave >> > -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
