imapfilter icon indicating copy to clipboard operation
imapfilter copied to clipboard
verified publisher icon lefcha

2-Step Verification for gmail

Open jchollingsworth opened this issue 4 years ago • 8 comments

Hi.. I recently noticed imapfilter was no longer doing it's job, and I realized it's because Gmail has automatically switched on 2-Step Verification (as of 9th Nov 2021)... which prevents imapfilter from working properly. Currently, it's possible to switch this option off in Gmail, but I think they will remove this in the future. Therefore, it would be great to find a way to manage this problem so that imapfilter continues to work with gmail. Thanks, J

jchollingsworth avatar Nov 10 '21 11:11 jchollingsworth

You should be able to use an app password for this. Go to https://myaccount.google.com/security Look for the "Signing in to Google" section.

NickHastings avatar Nov 12 '21 02:11 NickHastings

I think it should be possible to have an App Password, and thus bypass 2FA: https://support.google.com/mail/answer/185833?hl=en

Are any mail clients that can handle 2FA, apart from Gmail itself?

lefcha avatar Dec 11 '21 18:12 lefcha

Honestly this could use a broader discussion. Perhaps there is room for a LUA-enabled-but-not-necessarily-IMAP-or-IMAPS-limited application? Looking at some of the other 'issues', abstracting the email-connection-type by one layer would allow you to access local disk, remote disk, databases, email servers, etc, using potentially the same tool.

I was impressed by how the Microsoft Azure CLI for Linux handles 2FA. When you do an "az login" it tells you to "go to this specific URL in a browser." This then steps you through the login process on the Azure side and ultimately grants you access. Other possibilities could include a text prompt "enter the Authenticator code" ala Google Authenticator, or like a Duo login (https://duo.com/docs/loginduo) where you can select one of 3 different options: Duo Push to <phone number>, Phone call to <phone number>, SMS passcodes to <phone number>; etc.

PeterS242 avatar Dec 16 '21 15:12 PeterS242

So today I found that imapfilter was no longer able to access my gmail... so I followed the above advice, activated 2-Step Verification on my gmail account, and created an app password, and updated my lua config file... and voila... everything is working again. Many thanks!

jchollingsworth avatar Jun 02 '22 13:06 jchollingsworth

I am pleased to confirm that the solution you provided here does work like a charm : activate 2FA, create an App password, update the lua config file. Thank you @lefcha @PeterS242 @jchollingsworth @NickHastings, great insight !

pdemaret avatar Jun 07 '22 12:06 pdemaret

I run IMAPFILTER on a ubuntu server (i.e. no gnome or browser capability on the server) on a 5 min basis so I can coordinate all of my access points. I do not understand the above suggestion. Is this some special method of using a duo key (which I do not have)?

when I turn on 2fa (which uses my phone as the option) and imapfilter runs, I get the following errors for the gmail account. IMAP (6): 1004 NO [ALERT] Application-specific password required: https://support.google.com/accounts/answer/185833 (Failure) IMAP (6): 1006 BAD Unknown command a4mb285746951qvf

am I missing something in my coding?

hi-flyer avatar Jun 08 '22 12:06 hi-flyer

Hi hi-flyer, you just have to create an app password in your google account. The how-to reference is given in your message : https://support.google.com/accounts/answer/185833. Once created, you copy the password in the lua config file, where it replaces your old password. Nothing to do with a duo key.

pdemaret avatar Jun 08 '22 16:06 pdemaret

Thank you, I missed that step. It is now working. Appreciate the help.

hi-flyer avatar Jun 08 '22 16:06 hi-flyer