On January 18, 2017 8:08:26 AM PST, 'Dave Rado' via K-9 Mail 
<[email protected]> wrote:
>Many thanks, Philip. I'm confused, though.
>
>First of all, I've just looked up oAuth on Wikipedia and the explanation of
>how it works went over my head - I don't understand how it can be possible
>for me to authorise access without supplying a password.

The point of oAuth is that you can authorize 3rd parties without telling _that 
party_ your password. Basically, you tell Google your password, then Google 
hands you an oAuth token that you give to the 3rd party app, then the app uses 
that token to log in.

I believe (not a security expert) that most of the security issues with oAuth 
are with the machinations that occur to pass the token to the app without user 
intervention. The actual login is reasonably secure.

>But secondly, whenever I log into Google or Chrome or Gmail, I am asked for
>a password - so if Google themselves make me type my password, in order to
>sign in, how is that any different from me typing my password in the K-9
>Mail sign-in screen when adding my Gmail account to K-9 Mail?

Google is the second party. You have to tell them your password since they're 
the ones deciding whether to log you in or not. K-9, however, is not Google. 
Google doesn't want you to tell your password to 3rd party software / services 
since they can't guarantee that software / service isn't malicious.

--Sean
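
Added illustration, not part of the original thread and not K-9 Mail's code: the token-based login described above, shown as the SASL XOAUTH2 initial response that Gmail's IMAP and SMTP servers accept in place of a password. The function names, address and token are constructed for this example.

```python
import base64

SEP = "\x01"  # Ctrl-A field separator used by the XOAUTH2 SASL mechanism


def build_xoauth2(user: str, access_token: str) -> str:
    """Return the base64 initial client response sent after AUTHENTICATE XOAUTH2."""
    for name, value in (("user", user), ("access_token", access_token)):
        # A separator or line break inside a field could smuggle extra fields.
        if not value or any(c in value for c in (SEP, "\r", "\n")):
            raise ValueError(f"invalid {name}")
    # Only the address and the bearer token go on the wire; no password field exists.
    raw = f"user={user}{SEP}auth=Bearer {access_token}{SEP}{SEP}"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2(encoded: str) -> dict:
    """Server-side view: decode the response and split it into its fields."""
    raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    if not raw.endswith(SEP + SEP):
        raise ValueError("missing terminator")
    fields = {}
    for part in raw[:-2].split(SEP):
        key, sep, value = part.partition("=")
        if not sep or key in fields:
            raise ValueError("malformed field")
        fields[key] = value
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token or "user" not in fields:
        raise ValueError("not a bearer token response")
    return {"user": fields["user"], "token": token}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    wire = build_xoauth2("someone@example.com", "ya29.constructed-sample-token")
    print("AUTHENTICATE XOAUTH2", wire)
    print(parse_xoauth2(wire))
```

The mail client holds only the token, so revoking that token at the provider cuts off the app without a password change.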

