is it possible to have a password for IMAP that is not the user’s default login password, but rather one that is e.g. randomly generated or otherwise separately taken care of?
would be kinda nice as the normal login password has a different level of expectations due to it being regularly typed by a user and being able to be combined with 2FA depending on what you use it for, compared to an IMAP Password which due to the way IMAP works can decidedly not use 2FA, and is directly stored on devices, and typed close to never.
so this would solve multiple issues at once.
- The much more powerful login password being needlessly stored on devices
- a potentially weaker password being used for a thing that cannot be 2FA’d (or really protected in many ways at all)
- LUA-Concept - while not exactly being about a user’s rather than the credential’s access, having scoped passwords also means less exposure if that password DOES get exposed.