Q: AppleID security using POP3/IMAP
I am assessing whether to use my iCloud.com me.com email address with POP3/IMAP on various different computers I use. I think there are a number of very good arguments for using iCloud.com email as a primary e-mail account (as opposed to a free service like gmail), and I would like to do so.
I think that Apple would also like users to do so.
However, there is a possible sticking point for me. I use third-party e-mail clients (e.g. Thunderbird, Outlook, or other) for desktop access. To me, it looks like I would need to configure my third party email client to use my icloud username and icloud password to access Apple's POP3/IMAP servers to sync iCloud email. Is that correct?
I have concerns about this, because it means my iCloud password will be stored on my local email client (Thunderbird, Outlook or other), and could potentially be open as a security risk. If the email client were somehow compromised for example, a third party could obtain the iCloud password and use it access other iCloud services not related to email (device backup, device location, credit card billing, notes, etc...).
How can I set up a third party client to use my iCloud.com / me.com email address with POP3/IMAP without exposing my iCloud password in a potentially insecure environment?
It seems like a bad idea to use the same password for iCloud e-mail access, particularly from non-apple devices and software, as the password that is used for all other things iCloud.
Even if it were possible, I'm non-plussed with the idea of using two-party authentication every single time I access my e-mail.
Should I set up a second iCloud account for e-mail only (not used for device backup)? Or is it possible to establish a secondary iCloud email under my primary iCloud account that uses a different password for email only, which does not give access to device backup / billing etc...
Thanks,
Bert
iPhone 6s Plus, Other OS, Windows, various tablets, other dev
Posted on Sep 17, 2016 8:10 PM