Have you thought about encrypting the file itself (see https://www.openssl.org/docs/apps/enc.html)? You would probably have to decrypt the file each time you start fetchmail, and remove it before you log off, but OpenSSL has a command line interface; just write a script to do this when fetchmail starts.

On Sun, 26 Jul 2015 15:37:22 +0200 "Carlos E. R." <carlos.e.r@opensuse.org> wrote:
On 2015-07-26 05:34, Anton Aylward wrote:
What websites other than Google use two-factor authentication?
As I implied, quite a few banks, or their brokerage arms. In some countries and not others. It makes sense to have financial transactions more aggressively secured. Perhaps we also need to force some classes of personal financial transactions to require personal certificates as well so as to have two way authentication, just as banks do when talking to each other for transfers.
As I was going to sleep yesterday, I thought of an issue: email passwords as stored by fetchmail.
Fetchmail stores the passwords in a plain text file, which is only protected by the Linux user password while the system is running. A laptop can be stolen and the passwords simply read from the disk.
Some people may think that it is just email. But email is often used as one of the factors in authentication to many sites. In many it is used as a method to send passwords when lost. Thus securing the email password is crucial.
I can only think of symlinking .fetchmail to an encrypted partition. Another way?
-- Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
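The suggestion in the reply at the top of this message (keep the fetchmail rc file encrypted with `openssl enc`, decrypt it when fetchmail starts, remove the plaintext afterwards), as an added example that is not part of the original thread. The function names and the `FM_PASS_ARG` variable are assumptions made for this example; it assumes OpenSSL 1.1.1 or later and a one-shot foreground fetchmail run, since the plaintext is deleted as soon as the command returns.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes OpenSSL 1.1.1+ (-pbkdf2).
# FM_PASS_ARG (hypothetical name) is an optional openssl -pass source such as
# "env:NAME" or "file:/path"; when unset, openssl prompts on the terminal.

# encrypt_rc PLAIN ENC
# One-time step: write an encrypted copy of the rc file. Remove PLAIN
# yourself once you have confirmed that ENC decrypts.
encrypt_rc() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$1" -out "$2" \
        ${FM_PASS_ARG:+-pass "$FM_PASS_ARG"}
}

# run_with_rc ENC CMD [ARGS...]
# Decrypt ENC into a private directory, run CMD ARGS... <plaintext path>,
# and delete the plaintext when CMD exits or the wrapper is interrupted.
# Typical call: run_with_rc "$HOME/.fetchmailrc.enc" fetchmail -f
run_with_rc() {
    (   # subshell: the traps and umask below do not leak into the caller
        enc=$1; shift
        umask 077                              # rc must not be group/world readable
        base=${XDG_RUNTIME_DIR:-/dev/shm}      # RAM-backed on most Linux systems
        if [ ! -d "$base" ] || [ ! -w "$base" ]; then
            base=${TMPDIR:-/tmp}               # fallback: may be on disk
        fi
        dir=$(mktemp -d "$base/fmrc.XXXXXX") || exit 1
        trap 'rm -rf "$dir"' EXIT
        trap 'exit 1' HUP INT TERM
        openssl enc -d -aes-256-cbc -pbkdf2 -in "$enc" \
            -out "$dir/fetchmailrc" ${FM_PASS_ARG:+-pass "$FM_PASS_ARG"} || exit 1
        "$@" "$dir/fetchmailrc"
    )
}
```
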