undefined | Better HN

0 pointsbombcar2y ago0 comments

There’s another method that doesn’t use app specific passwords but I’m not entirely sure how it DOES work - it opens a connection and then gives you a web address to go to in your browser to authenticate with 2fa. And then somehow it magically works until it decides it doesn’t like you anymore.

0 comments

oefrha2y ago

I never studied the protocol of Gmail/Exchange/etc. 2FA, but I suppose the SMTP auth token expires after a while, and the client somehow hasn't implemented token refresh? Anyway, glad to know there is a way (?) to get git-send-email working with stricter 2FA.

bombcarOP2y ago

I've always assumed that the server side stores as much information about the client as it can, so not just "username/password" but source IP, client headers, etc and somehow uses that as a "session token".

j / k navigate · click thread line to collapse

0 pointsbombcar2y ago0 comments

0 comments

oefrha2y ago

bombcarOP2y ago

j / k navigate · click thread line to collapse