-
-
- It's more of a due diligence argument. Duty of care is easier to demonstrate when sticking with actively developed software.02-11-21 02:04 PMLike 0
-
Well I guess Gmail is free so perhaps you can give them a bit of a discount too, lol.02-11-21 02:13 PMLike 0 -
But using actively developed and supported products gives me a stick if something bad ever happens. Hence a Pixel 5, running Android 11, with a Feb 2021 security patch, and the Gmail app (updated weekly).Last edited by conite; 02-11-21 at 03:49 PM.
02-11-21 02:52 PMLike 0 - In my case, my clients are protected by the security protocols of the vendors I use and whose security requirements I have to meet in communication with clients. Most of the industry uses Microsoft O365 for archiving, compliance and security protocols. The BBHub didn’t seem to be keeping up to DOL, SEC and FINRA standards.pdr733 likes this.02-11-21 04:53 PMLike 1
- In my case, my clients are protected by the security protocols of the vendors I use and whose security requirements I have to meet in communication with clients. Most of the industry uses Microsoft O365 for archiving, compliance and security protocols. The BBHub didn’t seem to be keeping up to DOL, SEC and FINRA standards.02-11-21 05:14 PMLike 0
- Obviously Hub Inbox is compatible with 365 as long as an app password is used. Check. As for the other three you listed, I'd be curious to know how you found out whether or not it was compliant with any of them and who made that determination? "Didn't seem to be keeping up" isn't exactly a precise justification.02-11-21 07:14 PMLike 0
- The SEC makes the the policies usually and the other agencies mirror the policies. Additionally, most institutions have other regulatory oversight and follow standards from those agencies too. Primary regulation is regarding privacy laws of customer information. You don’t think we get to determine or interpret what the regulators and E&O carriers do. It’s simply about liability. The standards are for 2FA now.02-11-21 07:31 PMLike 0
- I don't follow your reasoning. You referenced three other standards in addition to the authentication method in your previous post: DOL, SEC and FINRA. App password is an acceptable workaround for Modern Auth. The other three you listed you seem to be ignoring. So is it safe to assume you have no idea whether Hub Inbox complies with these others?02-11-21 09:14 PMLike 0
- It doesn't matter if some other method complies if my vendors don't think it's good enough or choose not to support. I require 2FA since my vendors require 2FA since either the regulators are there already or signalling to everyone that's where the ultimate destination is until the next upgraded standard.
You guys sure have some convoluted justifications for not using Hub. Might as well say you just don't like it anymore and get it over with. At least that answer would make sense.02-11-21 09:28 PMLike 0 -
What's the question for me beyond that?02-11-21 09:45 PMLike 0 - So your vendors told you they didn't want you as a supplier anymore unless you stopped using BlackBerry Hub as an email client? This keeps getting more and more interesting...02-11-21 09:53 PMLike 0
-
- I'm an independent licensed retirement planner. My vendors are regulator approved providers of regulator approved services as outsourced third party.02-11-21 10:23 PMLike 0
- It's convoluted because you guys are trying to make it sound like you have high and mighty reasons for not using Hub when it basically boils down to a matter of personal preference. No one is going to reject your business, nor does it pose any reasonable liability, simply because you used BlackBerry Hub Inbox as an email client on your phone.
At least it made for an entertaining discussion. I appreciate your explanations.bh7171 likes this.02-11-21 10:30 PMLike 1 - It's convoluted because you guys are trying to make it sound like you have high and mighty reasons for not using Hub when it basically boils down to a matter of personal preference. No one is going to reject your business, nor does it pose any reasonable liability, simply because you used BlackBerry Hub Inbox as an email client on your phone.
At least it made for an entertaining discussion. I appreciate your explanations.
Nor is it a unique perspective. It's pretty much at the top of the list of good security policy.02-11-21 10:35 PMLike 0 - It's convoluted because you guys are trying to make it sound like you have high and mighty reasons for not using Hub when it basically boils down to a matter of personal preference. No one is going to reject your business, nor does it pose any reasonable liability, simply because you used BlackBerry Hub Inbox as an email client on your phone.
At least it made for an entertaining discussion. I appreciate your explanations.
You seem to not be able to understand that some companies simply refuse to allow less secure methods. It's not a question of is it safe or not, as it's not even a option some companies allow. There is no "less secure" method allowed.
Now if individual with their own accounts want to use a "less secure" option, I'm fine with that. And as long as you use a unique and complex password, I think it could be very safe. But I bet many here are using the same old password that they use everywhere... same as was used in several data leaks.
Me, I've been using unique passwords with every account or site I have. And if 2FA is an option, I enable that as well.02-16-21 09:22 AMLike 0 - Most every email platform considers App Specific Passwords less secure... for many that is even the heading that option is found under..
You seem to not be able to understand that some companies simply refuse to allow less secure methods. It's not a question of is it safe or not, as it's not even a option some companies allow. There is no "less secure" method allowed.
Now if individual with their own accounts want to use a "less secure" option, I'm fine with that. And as long as you use a unique and complex password, I think it could be very safe. But I bet many here are using the same old password that they use everywhere... same as was used in several data leaks.
Me, I've been using unique passwords with every account or site I have. And if 2FA is an option, I enable that as well.
Having said that using an app password IS an acceptable (and necessary, for reasons of backwards compatibility) alternate AND secure solution.
As you pointed out yourself, using an app password or even a very secure password without Modern Auth doesn't necessarily make it any less secure. Particularly if an appropriate level of due diligence is exercised.
Glad you concur.02-16-21 10:14 AMLike 0 - On the contrary, I fully understand that using an app password is not permitted by some organizations, which is specifically why I said I was in a privileged position to do so. I also fully understand some individuals are not in a position to have a say in the matter.
Having said that using an app password IS an acceptable (and necessary, for reasons of backwards compatibility) alternate AND secure solution.
As you pointed out yourself, using an app password or even a very secure password without Modern Auth doesn't necessarily make it any less secure. Particularly if an appropriate level of due diligence is exercised.
Glad you concur.
"I still feel this is more about generating revenue from software licenses, protecting corporate cloud data, and tracking user activity than it is about security for the end user."
This is patently false. MFA is vendor independent (you dont need to involve Apple, Google or Microsoft), to my knowledge you dont necessarily need a software license from any big vendor, and you dont even need a smartphone (it can also be a physical security device, like a Yubikey or similar)
Everyone is entitled to use whatever solution they prefer and are comfortable with but please dont spread BS and untruths.02-16-21 11:17 AMLike 0 - I only disagree, and disagree completely with the BS you wrote earlier. Quote: (about multifactor auth)
"I still feel this is more about generating revenue from software licenses, protecting corporate cloud data, and tracking user activity than it is about security for the end user."
This is patently false. MFA is vendor independent (you dont need to involve Apple, Google or Microsoft), to my knowledge you dont necessarily need a software license from any big vendor, and you dont even need a smartphone (it can also be a physical security device, like a Yubikey or similar)
Everyone is entitled to use whatever solution they prefer and are comfortable with but please dont spread BS and untruths.
Then you can lecture me about how this isn't about money.02-16-21 12:06 PMLike 0 - Right. Well, let's see what happens when people using older versions of Microsoft Office that they paid hundreds of dollars for per license, aren't able to access their email via Outlook any longer and are required to enter into a subscription. Or the countless organizations that have already been forced to do so thanks to service agreements between Microsoft and their webhost, significantly increasing the cost of email service.
Then you can lecture me about how this isn't about money.
So here in your story MS is or might be to blame and not MFA.02-16-21 12:23 PMLike 0 - On the contrary, I fully understand that using an app password is not permitted by some organizations, which is specifically why I said I was in a privileged position to do so. I also fully understand some individuals are not in a position to have a say in the matter.
Having said that using an app password IS an acceptable (and necessary, for reasons of backwards compatibility) alternate AND secure solution.
As you pointed out yourself, using an app password or even a very secure password without Modern Auth doesn't necessarily make it any less secure. Particularly if an appropriate level of due diligence is exercised.
Glad you concur.
Yeah, of course, for some 5 person mom and pop business you can make a lot of things work, but for large businesses who have access to sensitive information about millions of people, there are common standards that we all use. These are best practices. MFA is one of them.
BB should support it if they care about corporate users. If not, then that’s fine.pdr733 likes this.02-16-21 12:43 PMLike 1 - Describe in detail the process by which a user changes her app password, and it will be immediately obvious why this isn’t secure at scale.
Yeah, of course, for some 5 person mom and pop business you can make a lot of things work, but for large businesses who have access to sensitive information about millions of people, there are common standards that we all use. These are best practices. MFA is one of them.
BB should support it if they care about corporate users. If not, then that’s fine.
If this discussion makes one thing clear, it is that BB Hub is clearly designed for, and being sold in, a consumer Android space. Its not an enterprise app nor is it even even branded as such. So it should be treated accordingly. But if you compare it to other apps also competing in that space, it still has some disinct advantages. Would it be any worse with Modern Auth support? Of course not. Is it automatically less secure without it? Not necessarily.02-16-21 12:58 PMLike 0 -
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
Just lost Exchange Active Sync account
Similar Threads
-
Any active group?
By anon(10724439) in forum Discover BBM GroupsReplies: 21Last Post: 01-02-24, 10:38 AM -
Is there an updated gmail sync for BB10?
By scrannel in forum Ask a QuestionReplies: 10Last Post: 02-02-21, 09:58 AM -
Contacts don't sync to calls
By somech in forum BlackBerry KEY2Replies: 1Last Post: 01-29-21, 09:28 PM -
Blend - phone reads desktop but desktop just says 'pairing'
By John EC1 in forum BlackBerry Z10Replies: 3Last Post: 01-26-21, 09:53 PM -
Lost the Home screen
By ArbuckleWillis in forum BlackBerry KEY2 LEReplies: 2Last Post: 01-20-21, 11:33 PM
LINK TO POST COPIED TO CLIPBOARD