Re: Questions about gmail app passwords

2016-04-25 Thread cs

On 25Apr2016 19:45, Grant Edwards wrote:
> On 2016-04-25, David Champion wrote:
>> * On 25 Apr 2016, Grant Edwards wrote:
>
> [regarding Google "app passwords"]
>
>>> Do you need different, unique passwords for mutt, imap, msmtp,
>>> offlineimap, and all other IMAP or SMTP clients on a particular
>>> machine?
>>>
>>> Are you required to use the same password for mutt on all machines?
>>
>> No. You can create as many application-specific passwords as you need
>> at https://security.google.com/settings/security/apppasswords.  Each
>> can be tagged with an application name and a device name to help you
>> remember where you're using that password, but they're all equivalent.
>> Google doesn't pick up on what each one is specifically being used from,
>> although they may track whether passwords are being used at all.
>>
>> Choose your own granularity.


David, thank you for this information; I've been wondering exactly the same 
thing recently.



> I'll probably go with a single "app password" per account per physical
> machine.  Next I suppose I should figure out how to use gpg-agent so I
> don't store them in plaintext.  It would be nice if I could somehow
> combine ssh-agent and gpg-agent so I don't have to enter a passphrase
> twice...


A shell wrapper using expect might do the trick. Personally I'm going to enter 
my passphrase twice.


Gpg-agent does work; I used to use it and intend to fix it up again (I forget 
what troubles I had, they probably revolved around poor agent setup on my 
part).


Cheers,
Cameron Simpson 


Re: Questions about gmail app passwords

2016-04-25 Thread Grant Edwards
On 2016-04-25, David Champion  wrote:
> * On 25 Apr 2016, Grant Edwards wrote: 

[regarding Google "app passwords"]

>> Do you need different, unique passwords for mutt, imap, msmtp,
>> offlineimap, and all other IMAP or SMTP clients on a particular
>> machine?
>> 
>> Are you required to use the same password for mutt on all machines?
>
> No. You can create as many application-specific passwords as you need
> at https://security.google.com/settings/security/apppasswords.  Each
> can be tagged with an application name and a device name to help you
> remember where you're using that password, but they're all equivalent.
> Google doesn't pick up on what each one is specifically being used from,
> although they may track whether passwords are being used at all.
>
> Choose your own granularity.

Thanks.  I suspected that was the case, but thought perhaps Google
might be trying to fingerprint the connection attempts to actually
identify the application and/or machine.

The Google documentation is pretty much mute on the subject, and third
party write-ups never address it either, they just provide a recipe
for making it work with one app on one machine (actually in one case
two apps on one machine, and it just stated: "create two passwords"
with no explanation).

I could have created a throw-away Gmail account and done some
experiments to figure this out, but it didn't seem like something I
wanted to do via trial-and-error on my "production" machines with my
real accounts.

I'll probably go with a single "app password" per account per physical
machine.  Next I suppose I should figure out how to use gpg-agent so I
don't store them in plaintext.  It would be nice if I could somehow
combine ssh-agent and gpg-agent so I don't have to enter a passphrase
twice...

-- 
Grant Edwards               grant.b.edwards        Yow! Now, let's SEND OUT
                                  at               for QUICHE!!
                              gmail.com



Re: Questions about gmail app passwords

2016-04-25 Thread David Champion
* On 25 Apr 2016, Grant Edwards wrote: 
> When one enables Google two-step verification, one can generate
> "application specific" passwords for use by programs like mutt,
> offline-imap, msmtp, exim, fetchmail, etc.  I've been reading both
> Google and third-party documentation on this, and can't find any
> description of what "application specific" actually _means_.

It means nothing. You can think of it as "supplementary password".


> Do you need different, unique passwords for mutt, imap, msmtp,
> offlineimap, and all other IMAP or SMTP clients on a particular
> machine?
> 
> Are you required to use the same password for mutt on all machines?

No. You can create as many application-specific passwords as you need
at https://security.google.com/settings/security/apppasswords.  Each
can be tagged with an application name and a device name to help you
remember where you're using that password, but they're all equivalent.
Google doesn't pick up on what each one is specifically being used from,
although they may track whether passwords are being used at all.

Choose your own granularity.

-- 
David Champion • d...@bikeshed.us