AquaMail Forum

English - Android => General Discussion => Topic started by: Heliox on September 26, 2018, 01:50:26 pm

Title: Google 2 step verification
Post by: Heliox on September 26, 2018, 01:50:26 pm

I'm about to set up a 2 step verification for my Google account to secure my emails.
My question is Aqua-mail does not have a 2 step verification so it seems to me this is a gateway to my emails for any hacker to access them. Is this correct?

Title: Re: Google 2 step verification
Post by: Justin on September 26, 2018, 03:58:55 pm

@Heliox
As far as I know AquaMail does not login into your Google account, but uses Oauth2 instead. Explained here e.g.:
http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/

And see here, at "Gmail's new authentication, OAUTH2" :
https://www.mobisystems.com/aqua-mail/faq

@Kostya Would be useful to be able to link to specific questions ;)

Title: Re: Google 2 step verification
Post by: Kostya Vasilyev on September 27, 2018, 12:05:13 am

Yes we use OAUTH2 and this is 1) more secure than passwords to begin with 2) supports two-factor.

It does not support "advanced multifactor" that only Gmail app supports (I'm not sure of the exact name, but it's not "just two factor" it's some yet another thing that Google has.... this is a limitation on Google's side).

Re: this is a gateway to my emails for any hacker to access them. Is this correct

Two factor or not, "any hacker to access them" is blatantly *not* correct.

Re: @Kostya Would be useful to be able to link to specific questions ;)

Yeah, filed with web development team, hope they get to this sooner or later...