05-03-21 05:52 PM
119 ... 345
tools
  1. SteinwayTransitCorp's Avatar
    That is the one reason why I cannot go with samsung. You have google apps then samsung apps. That's no good for simple guys like me.
    Attached Thumbnails Pixel Owners-homer-phone.jpg  
    03-24-21 07:30 AM
  2. Jazuyo's Avatar
    The Pixel 5 is the best slab I've ever used. My priorities are battery life, reasonable size, straight-from-the-source updates, a nice camera, and a clean approach to Android (no bloat or heavy skins).
    I have the pixel 5 it's the first and only android I had and it's well worth it. Great battery life, fits into my jeans fifth pocket, if you know how to work bb10 the transition to android 11 is a piece of cake with the swipe gestures it's well worth it.
    elfabio80 likes this.
    04-18-21 08:53 PM
  3. iMasterus7's Avatar
    So, back to Blackberry Hub Suite. I have enabled 2FA on all email accounts and used app-specific passwords to have them on my BlackBerry KEYone. So, the question is: how is it less secure than having 2FA directly supported by BlackBerry Hub? I dare to think that it is even a more secure option since 2FA is there and real passwords are not "recorded" anywhere on the device.

    Posted via BlackBerry Passport Silver Edition
    04-25-21 09:51 PM
  4. conite's Avatar
    So, back to Blackberry Hub Suite. I have enabled 2FA on all email accounts and used app-specific passwords to have them on my BlackBerry KEYone. So, the question is: how is it less secure than having 2FA directly supported by BlackBerry Hub? I dare to think that it is even a more secure option since 2FA is there and real passwords are not "recorded" anywhere on the device.

    Posted via BlackBerry Passport Silver Edition
    With 2FA your device receives an OAuth token that considers the application safe, and the 3rd party app itself doesn't actually receive or store your login credentials.

    Whereas, providing an app with an app-specific password gives the developer of that 3rd party app said credentials.

    Now, you can decide to trust BlackBerry to treat your account with respect (and not pass it along to other people), but that doesn't work with everyone, nor is it considered wise security policy.
    Last edited by conite; 04-25-21 at 10:24 PM.
    04-25-21 10:11 PM
  5. iMasterus7's Avatar
    With 2FA your device receives an OAuth token that considers the application safe, and the 3rd party app itself doesn't actually receive or store your login credentials.

    Whereas, providing an app with an app-specific password gives the developer of that 3rd party app said credentials.

    Now, you can decide to trust BlackBerry to treat your account with respect (and not pass it along to other people), but that doesn't work with everyone, nor is it considered wise security policy.
    I can observe that you are being more and more straightforward in bashing Blackberry these days
    So, apart from your general strong statements I kindly ask you to be more specific about danger that app-specific passwords pose to the security of my accounts via BlackBerry Hub. Please, describe what harm app-specific password (or third-party app) can cause that 2FA cannot to my account(s). Thanks!

    Disclaimer: English is not my native language

    P.S.: I can see that you have edited your original post by removing some stronger statements. But, nevertheless, you claim that app-specific passwords can cause harm, so, please, provide some details, where the devil is in.

    Posted via BlackBerry Passport Silver Edition
    04-26-21 06:38 AM
  6. conite's Avatar
    I can observe that you are being more and more straightforward in bashing Blackberry these days
    So, apart from your general strong statements I kindly ask you to be more specific about danger that app-specific passwords pose to the security of my accounts via BlackBerry Hub. Please, describe what harm app-specific password (or third-party app) can cause that 2FA cannot to my account(s). Thanks!

    Disclaimer: English is not my native language

    P.S.: I can see that you have edited your original post by removing some stronger statements. But, nevertheless, you claim that app-specific passwords can cause harm, so, please, provide some details, where the devil is in.

    Posted via BlackBerry Passport Silver Edition
    I'm not sure how I can explain it any other way. I thought I was pretty clear.

    When using an app-specific password, you give the 3rd party app developer your login credentials, for them to do with it as they please.
    04-26-21 07:08 AM
  7. iMasterus7's Avatar
    I'm not sure how I can explain it any other way. I thought I was pretty clear.

    One way you give the app developer your login credentials, for them to do with it as they please (app-specific password).
    So, you say (or mean) that they, developers, can reuse my app-specific password to login into my account?

    Posted via BlackBerry Passport Silver Edition
    Last edited by iMasterus7; 04-26-21 at 07:56 AM.
    04-26-21 07:11 AM
  8. Dunt Dunt Dunt's Avatar
    So, you say (or mean) that they, developers, can reuse my app-specific password to login into my account?

    Posted via BlackBerry Passport Silver Edition
    If they were so inclined... yes.

    I don't think anyone expect BlackBerry or Microsoft to do this. But there are lot's of other 3rd party apps out there - and your email account is the gateway to access may other accounts. Have an email address - it's get you the "username" (many sites use your email) and access to a email recovery of your password.
    04-26-21 08:58 AM
  9. iMasterus7's Avatar
    If they were so inclined... yes.

    I don't think anyone expect BlackBerry or Microsoft to do this. But there are lot's of other 3rd party apps out there - and your email account is the gateway to access may other accounts. Have an email address - it's get you the "username" (many sites use your email) and access to a email recovery of your password.
    Really?! I thought that app-specific password cannot be reused since it is a one-time one. And besides, app-specific password cannot be used to access an account via website neither to change the original password.
    I am pretty sure that if app-specific passwords could be re-used to access an account by third-party folks then usual suspects (aka Apple, Google, Microsoft) would ban this practice at all.

    Posted via BlackBerry Passport Silver Edition
    Last edited by iMasterus7; 04-26-21 at 09:57 AM.
    04-26-21 09:14 AM
  10. Dunt Dunt Dunt's Avatar
    Really?! I thought that app-specific password cannot be reused since it is a one-time one. And besides, app-specific password cannot be used to access an account via website neither to change the original password.
    I am pretty sure that if app-specific passwords could be re-used to access an account by third-party folks then usual suspects (aka Apple, Google, Microsoft), would ban this practice at all.

    Posted via BlackBerry Passport Silver Edition
    It's still up to the user to be careful who they give access to their account.... but there is a reason the usual suspects all call it "less secure". But they also will warn you, in the generation process Google will give you a message "this app password grants complete access to your Google Account. You won't need to remember it, so don't write it down or share it with anyone" But try writing it down and using it...
    04-26-21 09:48 AM
  11. iMasterus7's Avatar
    It's still up to the user to be careful who they give access to their account.... but there is a reason the usual suspects all call it "less secure". But they also will warn you, in the generation process Google will give you a message "this app password grants complete access to your Google Account. You won't need to remember it, so don't write it down or share it with anyone" But try writing it down and using it...
    So now you are jumping around like some folks here without giving a direct answer. Not all "usual suspects" call app-specific passwords less secure: I have checked Apple and Microsoft websites and they don't make such strong claims. Google, yes, call it less secure and maybe that's why you and Conite call it also less secure without giving specific reasons as to why it is less secure.
    The simple check is that you give the evidence (to support your claim) that app-specific password could be re-used to get an unauthorized access to an account. If you can't, then just admit that you are wrong about this specific case - the world doesn't end.

    P.S.: just couple of quotes from Apple and Google, FYI:
    "App-specific passwords maintain a high level of security and help ensure your Apple ID password won’t be collected or stored by any third-party apps you use." Apple.

    "Every App Password can only be used once." Google.

    Posted via BlackBerry Passport Silver Edition
    Last edited by iMasterus7; 04-26-21 at 10:15 AM.
    bh7171 likes this.
    04-26-21 09:55 AM
  12. conite's Avatar
    Really?! I thought that app-specific password cannot be reused since it is a one-time one. And besides, app-specific password cannot be used to access an account via website neither to change the original password.
    I am pretty sure that if app-specific passwords could be re-used to access an account by third-party folks then usual suspects (aka Apple, Google, Microsoft) would ban this practice at all.

    Posted via BlackBerry Passport Silver Edition
    If you provide, say, the BlackBerry HUB with an app-specific password, BlackBerry themselves (and anyone they choose to give it to) would now have access to those login credentials and will have unfettered access to your account.

    https://www.howtogeek.com/199804/war...tion-specific/

    "Application-specific passwords are more dangerous than they sound. Despite their name, they’re anything but application-specific. Each application-specific password is more like a skeleton key that provides unrestricted access to your account."
    04-26-21 10:19 AM
  13. SatoshiX's Avatar
    I have Hub installed on a Samsung S20 and 2FA on my email accounts seems to work. When I add a new Gmail or Microsoft account to the Hub, it directs me--within the Hub app--to those sites' respective login pages where I enter my password and second factor authentication. from there, the login is saved in the Hub. No app passwords. unless I'm misunderstanding something...which is quite possible. that sound right?
    05-01-21 09:42 AM
  14. conite's Avatar
    I have Hub installed on a Samsung S20 and 2FA on my email accounts seems to work. When I add a new Gmail or Microsoft account to the Hub, it directs me--within the Hub app--to those sites' respective login pages where I enter my password and second factor authentication. from there, the login is saved in the Hub. No app passwords. unless I'm misunderstanding something...which is quite possible. that sound right?
    No it doesn't. HUB doesn't support that.
    05-01-21 10:43 AM
  15. SatoshiX's Avatar
    No it doesn't. HUB doesn't support that.
    This is me adding a Gmail account just now. Am I misunderstanding something?

    Pixel Owners-hub-2fa-.png
    05-01-21 02:32 PM
  16. conite's Avatar
    This is me adding a Gmail account just now. Am I misunderstanding something?

    Click image for larger version. 

Name:	Hub 2FA?.png 
Views:	12 
Size:	496.8 KB 
ID:	450685
    My apologies. I reread and you are talking about Google. The virtues of having a Google device.

    Yahoo, and Outlook are different.
    05-01-21 03:15 PM
  17. SatoshiX's Avatar
    My apologies. I reread and you are talking about Google. The virtues of having a Google device.

    Yahoo, and Outlook are different.
    ah, I see. The process for me is the same for my Microsoft account though. I click the option in the Hub add account dialog for "Sign in with Microsoft", and it similarly directs me--in app--to my Microsoft account login page where I am prompted for 2FA (in this case via my authenticator app). This is an organization/etnerprise-managed Microsoft account though, if that makes a difference. Pretty sure my hotmail account was added the same way though.
    Rico4you likes this.
    05-01-21 03:56 PM
  18. SatoshiX's Avatar
    ah, I see. The process for me is the same for my Microsoft account though. I click the option in the Hub add account dialog for "Sign in with Microsoft", and it similarly directs me--in app--to my Microsoft account login page where I am prompted for 2FA (in this case via my authenticator app). This is an organization/etnerprise-managed Microsoft account though, if that makes a difference. Pretty sure my hotmail account was added the same way though.
    Spoke too soon on Hotmail. Indeed that requires an app password. I'm curious now what third party mail apps can facilitate 2FA in such instances (and apologies for taking this thread so far off its original topic)
    05-03-21 04:55 PM
  19. conite's Avatar
    Spoke too soon on Hotmail. Indeed that requires an app password. I'm curious now what third party mail apps can facilitate 2FA in such instances (and apologies for taking this thread so far off its original topic)
    Pretty much pick any actively developed email client. Like Spark Email - which happens to be a darn good one.
    SatoshiX likes this.
    05-03-21 05:52 PM
119 ... 345

Similar Threads

  1. BBM classic owners group
    By Normand Raymond in forum BlackBerry Classic
    Replies: 25
    Last Post: 04-22-21, 12:44 AM
  2. Key 2 Red Edition to Pixel 5 - Reluctantly
    By Bammerz in forum BlackBerry KEY2
    Replies: 42
    Last Post: 12-08-20, 01:33 PM
  3. WTT: KEY2 and pixel 3 for iPhone se (2020) 256 gigs
    By MB64 in forum Buy, Sell, Trade - Sold / Archived
    Replies: 14
    Last Post: 09-11-20, 05:55 PM
  4. Question to BBF100-2 owners
    By draculito in forum BlackBerry KEY2
    Replies: 3
    Last Post: 08-21-20, 07:32 AM
  5. Replies: 2
    Last Post: 08-14-20, 02:37 PM
LINK TO POST COPIED TO CLIPBOARD