In article <59033AF1D4%mik....@xemik.com
Yes it is for POP3 and SMTP, nothing to do with webmail.
Not something I have used, or seen mentioned in recent years, which
probably means it's build date of 2013 is too old for TLSv3 etc.
However the source is reportedly on Github so there is hope and the
finished app looks tidy.
My port of Fetchmail using POP3 downloaded mail from
again today so thankfully the 'one off' password
code is something you only have to go to webmail and do once.
It is likely that other RISC OS POP3 fetchers would require the
password switcheroo also.
Actually I still find this preferrable to the Gmail method of forcing
you to be in their 'Insecure mode' and reminding you of it.
Is it any better? The USER and PASS is still sent after the encrypted
connection is made and PASS is still a series of characters so not
really. If the code generation method is kept private, it would
help to stop guessing 'likely' text passwords however if they use
a fixed number of characters in their code output, it reduces the
number of possible combinations dramatically.
If a high number of failed login attempts was monitored it would
probably be more secure.