I want to ensure that the services I have enabled on my server are secure, even when accessing them from (say) an Internet cafe when travelling.
For Roundcube I was going to implement OpenOTP with Google Authenticator. This provides me with two-factor authentication. There's just one problem. If I log in to Roundcube at an Internet cafe and someone captures my password, they can't use it to log in to Roundcube again (as the OTP would have changed) but they COULD use that captured password for other mail services on the same server such as IMAP (Dovecot) and SMTP (Postfix). Therefore, can anyone recommend a way to secure IMAP/SMTP (Dovecot/Postfix) using two-factor authentication; is this possible? Or should I be looking at other options (i.e.: OTP is not the solution)? Client certificates (X509)?
Whatever solution I use needs to work with K9 email (on Android), Thunderbird and Outlook 2010.
Thanks!