On Thu, Jan 02, 2020 at 06:13:07PM +1100, Brian May wrote:
I notice the instructions say "The resulting setup is not more secure than a regular getmailrc with 0600 permissions." - which is no surprise really.
As I understand it, there is arguably a *slight* security improvement in the initial application setup. If the user has two-factor authentication enabled, it would be difficult for someone who learns the password to access e-mails - they would need to have a copy of either the 2FA device, or the security token. I suspect the real reason Google is forcing this is because they want to help make using client applications less convenient over the web interface.
I have a user who is using gmail with Outlook 2007. They might be affected more so then me. I have told said user they will need to upgrade to Outlook 2019 or Office 365, or use gmail from the website, it looks like Outlook 2007 does not support OAUTH from what I can tell.
Maybe you could put in a plug for Thunderbird or something else that's free software, since it sounds like the user will have to upgrade anyway. Better to make it a true upgrade. :)