On 19 Apr cvjazz@waitrose.com wrote:

> Hi,
>
> There is a thread on the ROOL forum regarding Google withdrawing "Less
> secure app" access. No firm conclusion seems to have been reached.
>
> In days of yore when Gmail was simple I got several accounts for
> different purposes.
>
> I use Hermes within Netfetch to bring mail to my computer(s).
>
> As I understand the Google help sheet, if I can find my app in their list
> (Hermes???), I can get a code to use instead of my current login in
> password but I need 2-factor authentication to do that so presumably I
> have to have my phone on but still go on line to enter the code.
>
> Have I got this right?
>
> Is Hermes likely to be updated in the near future so Google will be happy
> with it? I haven't seen any traffic on the Hermes mail list for ages.
>
> What alternatives are there?
>
> I have a Yahoo account on which I got their one time password when they
> had a spat about insecure devices. That works OK without any other
> safeguards/identification. I wonder how long that will last.
>
> My Hotmail account also still with a POP3 account and a Live.com server
> setting (fingers crossed) but the mem sahib has Outlook 2010 as part of
> Office and Hotmail have stopped that as it's insecure. Now she's waiting
> for her Gmail accounts to stop working.
>
> My John Lewis (was Waitrose) account hosted by PlusNet has no problems
>
> So what alternatives are there? Get our own domain? That would be a bit
> of a learning curve.
>
> What other alternatives are there?
>
> I can't be the only one in the same boat.
>

I know this has been discussed here and elsewhere and I have that same problem,
using Messenger and Netfetch with a Google email account.

What is the summary answer, please? Google are still pushing this as something
they will do imminently - like in a few weeks. So is this something a change in
RISCOS/ RComp software is planning to deal with?

a) If so, can we expect modified software to be made available soon?

b) Or, has a step by step alternative been produced?

b) Do I have to drop gmail and have all the hassle that entails? I've used POP3
for so long and don't want webmail, because of being stuck with their appalling
email management software.

I am abroad and don't feel I can deal with anything other than a simple solution
with little technical involvement.

Sorry, if the answer is already contained in the above that I haven't absorbed.
Thanks,
Barry
--
__ ___
//_)) //__))
//__))arry //unchard mailto:barry.punchard@gmail.com
____________________

On 16 May 2022 as I do recall,
Barry Punchard wrote:

> On 19 Apr cvjazz@waitrose.com wrote:
>
> >
> > There is a thread on the ROOL forum regarding Google withdrawing "Less
> > secure app" access. No firm conclusion seems to have been reached.

[snip]

> I know this has been discussed here and elsewhere and I have that same
> problem, using Messenger and Netfetch with a Google email account.
>
> What is the summary answer, please? Google are still pushing this as something
> they will do imminently - like in a few weeks. So is this something a
> change in RISCOS/ RComp software is planning to deal with?
>
> a) If so, can we expect modified software to be made available soon?
>
> b) Or, has a step by step alternative been produced?
>

Chris Newman posted a step-by-step alternative in
comp.sys.acorn.networking. It requires one-off web access to GMail (so
won't work with NetSurf) and one-off access to a mobile phone, but after
that you can continue to access your e-mail via Netfetch and POP3.

---------- Begin forwarded message ----------
Date: Mon, 09 May 2022 00:20:12 +0100
From: Chris Newman <cvjazz@waitrose.com>
Newsgroups: comp.sys.acorn.networking
Subject: Re: Google and the end of May

In article <6da978e159.harriet@bazleyfamily.co.uk>, Harriet Bazley
<harriet@bazleyfamily.co.uk> wrote:
> On 30 Apr 2022 as I do recall, Chris Newman wrote:

> [snip]

> > As I understand it, if you wish to keep accessing Google on older
> > (Less secure?) kit you will need to get a new password to put in to
> > your mail transport prog. This only needs to be done once unless you
> > have some sort of catastrophic failure of your set up. Presumably
> > even then, if you've saved it, you can re-insert. You can still log
> > in online with your original password. Then each time you connect
> > with said older kit, you will have to get a 2 factor code from them.
> > Whether that arrives by phone, mail or what I know not.

> Ouch. So *every single time* your mail transport tries to fetch from
> your inbox, you will have to manually confirm your identity... i.e.
> every twenty minutes or so?
Seemingly, its not as bad as I thought. You won't need to confirm every
time.
Thanks to an article in Computer Active magazine, I've sorted the first
of my Google accounts.

I've tried to make an idiot's guide. Herewith....

2 factor authentication for "insecure" apps.

Sign into your Google account.
Select "Security" in the left hand menu.
You may have to keep signing back into you account to verify it's you
during the process.
Follow instructions to enable 2-step verification.
You will need a phone for the set up as they send you a code. I had one
listed with them as I have an Android phone which needs the ridiculously
named "PlayStore."
You can ignore the bits about further safety measures.
Go back to "Security" page.
With a bit of searching you should see a new option "App Passwords"
Select "Mail" in the "Select App" drop down menu no matter what
app/client/transport you are using.
In the "Select device" menu, choose the device you want to access gmail
on. I chose other and when asked, called it Hermes.
Select "Generate" to get you 16 digit password which appears in a
yellowish box.
Enter this in your email/transport client in place of you old code.
You should only have to do this once but keep a copy of the code in case
of disasters. If the worst comes to the worst, you can get Google to
generate a new one.
You may have to do a capcha or get another code. I was so confused, I
slightly disremember the order of events.
Then all should work.

When I accessed my Google account on-line it was my original password
that was needed. I had to get a code to log in the first time but there
is a "Don't ask again on this device" box to tick to prevent that each
time you login in future.

How does it know my device? IP address, MAC address?

--
Chris Newman
----------- End forwarded message -----------

--
Harriet Bazley == Loyaulte me lie ==

The way to a man's heart is through the left ventricle.

In message <406d61e959.barry.punchard@barry.gmail.com>
Barry Punchard <barry.punchard@gmail.com> wrote:

> On 19 Apr cvjazz@waitrose.com wrote:

>> Hi,
>>
>> There is a thread on the ROOL forum regarding Google withdrawing "Less
>> secure app" access. No firm conclusion seems to have been reached.
>>
>> In days of yore when Gmail was simple I got several accounts for
>> different purposes.
>>
>> I use Hermes within Netfetch to bring mail to my computer(s).
>>
>> As I understand the Google help sheet, if I can find my app in their list
>> (Hermes???), I can get a code to use instead of my current login in
>> password but I need 2-factor authentication to do that so presumably I
>> have to have my phone on but still go on line to enter the code.
>>
>> Have I got this right?
>>
>> Is Hermes likely to be updated in the near future so Google will be happy
>> with it? I haven't seen any traffic on the Hermes mail list for ages.
>>
>> What alternatives are there?
>>
>> I have a Yahoo account on which I got their one time password when they
>> had a spat about insecure devices. That works OK without any other
>> safeguards/identification. I wonder how long that will last.
>>
>> My Hotmail account also still with a POP3 account and a Live.com server
>> setting (fingers crossed) but the mem sahib has Outlook 2010 as part of
>> Office and Hotmail have stopped that as it's insecure. Now she's waiting
>> for her Gmail accounts to stop working.
>>
>> My John Lewis (was Waitrose) account hosted by PlusNet has no problems
>>
>> So what alternatives are there? Get our own domain? That would be a bit
>> of a learning curve.
>>
>> What other alternatives are there?
>>
>> I can't be the only one in the same boat.
>>

> I know this has been discussed here and elsewhere and I have that same
> problem,
> using Messenger and Netfetch with a Google email account.

> What is the summary answer, please? Google are still pushing this as
> something
> they will do imminently - like in a few weeks. So is this something a
> change in
> RISCOS/ RComp software is planning to deal with?

> a) If so, can we expect modified software to be made available soon?

R-Comp are aware and looking at options, but it should still work
afterwards anyway by changing to an 'application password' generated by
Google, rather then your own.

> b) Or, has a step by step alternative been produced?

One has been published in these lists, and on ArchiveOnline

> b) Do I have to drop gmail and have all the hassle that entails? I've used
> POP3
> for so long and don't want webmail, because of being stuck with their
> appalling
> email management software.

Although I do have a gmail account mainly as a backup. I have my own
domains so I control my email not Google or my ISP.

[snip]

--
Chris Hughes
Don't miss this years Wakefield Show 21st May 2022 - we have moved to
Cedar Court Hotel, Bradford
Check the latest information at www.wakefieldshow.org.uk

On 16 May 2022 as I do recall,
Harriet Bazley wrote:

[snip]

> Sign into your Google account.
> Select "Security" in the left hand menu.
> You may have to keep signing back into you account to verify it's you
> during the process.
> Follow instructions to enable 2-step verification.
> You will need a phone for the set up as they send you a code. I had one
> listed with them as I have an Android phone which needs the ridiculously
> named "PlayStore."

Note that once you have done this you will now be unable to access your
webmail without a mobile phone (which is why I was putting off doing it)
- you will only have POP3 access!

--
Harriet Bazley == Loyaulte me lie ==

He who hesitates is sometimes saved.

On 16 May harriet@bazleyfamily.co.uk wrote:

> On 16 May 2022 as I do recall,
> Barry Punchard wrote:
[snip]
>
> I know this has been discussed here and elsewhere and I have that same
> problem, using Messenger and Netfetch with a Google email account.
>
> What is the summary answer, please? Google are still pushing this as something
> they will do imminently - like in a few weeks. So is this something a
> change in RISCOS/ RComp software is planning to deal with?
>
> [SNIP]
>
> b) Or, has a step by step alternative been produced?
>
> > Chris Newman posted a step-by-step alternative in
[SNIP]
> >
> > ---------- Begin forwarded message ----------
> > > Date: Mon, 09 May 2022 00:20:12 +0100
> > > From: Chris Newman <cvjazz@waitrose.com>
> > > Newsgroups: comp.sys.acorn.networking
> > > Subject: Re: Google and the end of May
> > >
> In article <6da978e159.harriet@bazleyfamily.co.uk>, Harriet Bazley
> <harriet@bazleyfamily.co.uk> wrote:
> > On 30 Apr 2022 as I do recall, Chris Newman wrote:
>
> > [snip]
>
> > > As I understand it, if you wish to keep accessing Google on older
> > > (Less secure?) kit you will need to get a new password to put in to
> > > your mail transport prog. This only needs to be done once unless you
> > > have some sort of catastrophic failure of your set up. Presumably
> > > even then, if you've saved it, you can re-insert. You can still log
> > > in online with your original password. Then each time you connect
> > > with said older kit, you will have to get a 2 factor code from them.
> > > Whether that arrives by phone, mail or what I know not.
>
>
> > Ouch. So *every single time* your mail transport tries to fetch from
> > your inbox, you will have to manually confirm your identity... i.e.
> > every twenty minutes or so?
> Seemingly, its not as bad as I thought. You won't need to confirm every
> time.
> Thanks to an article in Computer Active magazine, I've sorted the first
> of my Google accounts.
>
> I've tried to make an idiot's guide. Herewith....
>
> 2 factor authentication for "insecure" apps.
>
> Sign into your Google account.
> Select "Security" in the left hand menu.
> You may have to keep signing back into you account to verify it's you
> during the process.
> Follow instructions to enable 2-step verification.
> You will need a phone for the set up as they send you a code. I had one
> listed with them as I have an Android phone which needs the ridiculously
> named "PlayStore."
> You can ignore the bits about further safety measures.
> Go back to "Security" page.
> With a bit of searching you should see a new option "App Passwords"
> Select "Mail" in the "Select App" drop down menu no matter what
> app/client/transport you are using.
> In the "Select device" menu, choose the device you want to access gmail
> on. I chose other and when asked, called it Hermes.
> Select "Generate" to get you 16 digit password which appears in a
> yellowish box.
> Enter this in your email/transport client in place of you old code.
> You should only have to do this once but keep a copy of the code in case
> of disasters. If the worst comes to the worst, you can get Google to
> generate a new one.
> You may have to do a capcha or get another code. I was so confused, I
> slightly disremember the order of events.
> Then all should work.
>
> When I accessed my Google account on-line it was my original password
> that was needed. I had to get a code to log in the first time but there
> is a "Don't ask again on this device" box to tick to prevent that each
> time you login in future.
>
> How does it know my device? IP address, MAC address?
>
Thank you very much Chris and Harriet. That all went well with 3 mail addresses.
so that problem is dealt with until Google feel so concerned about MY security
that they introduce another hurdle.

Barry

--
__ ___
//_)) //__))
//__))arry //unchard mailto:barry.punchard@gmail.com
____________________

On 16 May news13@noonehere.co.uk wrote:

> In message <406d61e959.barry.punchard@barry.gmail.com>
> Barry Punchard <barry.punchard@gmail.com> wrote:
>
> > On 19 Apr cvjazz@waitrose.com wrote:
>
> >> Hi,
> >>
> >> There is a thread on the ROOL forum regarding Google withdrawing "Less
> >> secure app" access. No firm conclusion seems to have been reached.
> >>
> >> In days of yore when Gmail was simple I got several accounts for
> >> different purposes.
> >>
> >> I use Hermes within Netfetch to bring mail to my computer(s).
> >>
> >> As I understand the Google help sheet, if I can find my app in their list
> >> (Hermes???), I can get a code to use instead of my current login in
> >> password but I need 2-factor authentication to do that so presumably I
> >> have to have my phone on but still go on line to enter the code.
> >>
> >> Have I got this right?
> >>
> >> Is Hermes likely to be updated in the near future so Google will be happy
> >> with it? I haven't seen any traffic on the Hermes mail list for ages.
> >>
> >> What alternatives are there?
> >>
> >> I have a Yahoo account on which I got their one time password when they
> >> had a spat about insecure devices. That works OK without any other
> >> safeguards/identification. I wonder how long that will last.
> >>
> >> My Hotmail account also still with a POP3 account and a Live.com server
> >> setting (fingers crossed) but the mem sahib has Outlook 2010 as part of
> >> Office and Hotmail have stopped that as it's insecure. Now she's waiting
> >> for her Gmail accounts to stop working.
> >>
> >> My John Lewis (was Waitrose) account hosted by PlusNet has no problems
> >>
> >> So what alternatives are there? Get our own domain? That would be a bit
> >> of a learning curve.
> >>
> >> What other alternatives are there?
> >>
> >> I can't be the only one in the same boat.
> >>
>
> > I know this has been discussed here and elsewhere and I have that same
> > problem,
> > using Messenger and Netfetch with a Google email account.
>
> > What is the summary answer, please? Google are still pushing this as
> > something
> > they will do imminently - like in a few weeks. So is this something a
> > change in
> > RISCOS/ RComp software is planning to deal with?
>
> > a) If so, can we expect modified software to be made available soon?
>
> R-Comp are aware and looking at options, but it should still work
> afterwards anyway by changing to an 'application password' generated by
> Google, rather then your own.
>
> > b) Or, has a step by step alternative been produced?
>
> One has been published in these lists, and on ArchiveOnline
>
> > b) Do I have to drop gmail and have all the hassle that entails? I've used
> > POP3
> > for so long and don't want webmail, because of being stuck with their
> > appalling
> > email management software.
>
> Although I do have a gmail account mainly as a backup. I have my own
> domains so I control my email not Google or my ISP.
>
Thanks for the comments Chris H. I hope to return to live in the UK soon and do
the same eventually.

Barry
--
__ ___
//_)) //__))
//__))arry //unchard mailto:barry.punchard@gmail.com
____________________