OAuth 2.0: Modern authentication

Good afternoon dear community

More and more mail providers (Google, Hotmail, etc. ) only allow authentication via OAuth 2.0 in mail clients. Configuring accounts via IMAP/POP is disabled by default. For those who are familiar with this area, this makes perfect sense from a safety perspective. As far as I found out, Swisscom doesn’t support OAuth 2.0, or at least the technical service didn’t know what OAuth 2.0 was. Can anyone confirm this?

Does anyone have any idea whether Swisscom plans to support OAuth 2.0 in the future? Or where to turn when you want to apply a little pressure?

Thank you very much for your help

Thanks for the reply. Then my assumption was correct.

@hed wrote:

I know several people with GMail accounts who use IMAP.

I didn’t say that Google doesn’t support IMAP, but it appears to be disabled by default. See Link under the chapter “Set up Gmail with older version of Outlook and other clients”. This means that by default, configuring the account in a mail client is only possible using OAuth 2.0, if I understand that correctly.

Regarding 2FA, it would of course be possible using OAuth 2.0, which is currently working without any problems at Google. It would be stupid if you allowed the outdated authentication alongside OAuth 2.0, because then even the best 2FA would be of no use.

I hope I was able to clarify my concerns. The only question that needs to be clarified is whether Swisscom will support this in the future? I see I’m not the only one with this concern. See the following question and comment from dexter85.

@Glotzologe wrote:

When using external email clients, access via POP3 or IMAP is still required.

You can search on the support pages of these providers:

[https://support.microsoft.com/de-de/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040] (https://support.microsoft.com/de-de/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040)
https://support.google.com/mail/answer/7126229?hl=de

Thanks for the reply. As already stated in the answer above, it is still possible to use an email client using POP/IMAP, but it is deactivated by default on Google, for example. In the Google support link that you sent me, it is explicitly stated that you have to activate IMAP in “Step 1: Activate IMAP”. This means that if you only use OAuth2.0 + 2FA, you will be much safer on the road.

@POGO 1104

Thanks for your answer. I actually expected that. However, someone may also feel that OAuth2.0 + 2FA should be the default option to configure email accounts. The more people want this, the more likely it is to be supported in the future.

Where do you think I should report my concern?

@Glotzologe wrote:

This would only be necessary as soon as Swisscom has integrated external services (iCloud, OneDrive, SocialMedia, etc.) into webmail.

I have a different opinion. If you can only connect to IMAP/POP/SMTP protocols using OAuth2.0, this drastically increases security. Among other things, because you can easily activate 2FA for external web clients and not just for webmail.

@hed and @Glotzologe

Small addendum. I was inaccurate when it came to Google’s default deactivation of IMAP, or simply stuck to the wording in the Google documentation. Of course, I mean that authenticating IMAP connections using a Google account password is disabled by default. By default, such connections are authenticated with the authorization token that you received via OAuth2.0. I assume that this doesn’t work differently with Office365.