Application passwords

Many client implementations do not support modern authentication mechanisms and instead rely on static plain-text credentials (username and password) for non-interactive access. For these clients, OX App Suite offers a feature called "application passwords". This allows users to define a specific and unique password for access via the CalDAV, CardDAV, WebDAV and OX Drive synchronization interfaces. By doing so, the user has the option to choose different passwords for those kinds of services, use a separate set of credentials for IMAP/SMTP, and use a modern authentication method for web access.

Credentials that are stored at a client and used for non-interactive authentication are at risk of undetected compromise. Offering application-specific passwords severely reduces the blast radius and impact of such a compromise: an attacker could access data managed by a specific application (e.g. Calendar) but would not be able to use the same set of credentials to access further resources such as Drive, Contacts or E-Mail.
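
The containment described above can be modelled as a credential check that binds each application password to one interface. This is an added sketch, not OX App Suite code: the `AppPasswordStore` class, the scope identifiers, the generated-password format and the PBKDF2 storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Scope names mirror the interfaces listed above; the identifiers are assumptions.
SCOPES = {"caldav", "carddav", "webdav", "drive"}
PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


class AppPasswordStore:
    """Hypothetical store: one generated password per (user, label), bound to one scope."""

    def __init__(self):
        self._entries = {}  # (user, label) -> (scope, salt, digest)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def create(self, user, label, scope):
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope}")
        password = secrets.token_urlsafe(24)  # shown to the user once, never stored
        salt = secrets.token_bytes(16)
        self._entries[(user, label)] = (scope, salt, self._digest(password, salt))
        return password

    def authenticate(self, user, password, requested_scope):
        """True only if the password matches an entry bound to requested_scope."""
        granted = False
        for (owner, _label), (scope, salt, digest) in self._entries.items():
            if owner != user:
                continue
            # Constant-time comparison; check every entry rather than returning early.
            matches = hmac.compare_digest(self._digest(password, salt), digest)
            granted |= matches and scope == requested_scope
        return granted


if __name__ == "__main__":
    store = AppPasswordStore()
    calendar_pw = store.create("alice", "phone-calendar", "caldav")  # constructed sample
    print(store.authenticate("alice", calendar_pw, "caldav"))  # accepted at CalDAV
    print(store.authenticate("alice", calendar_pw, "drive"))   # rejected at Drive
```

Because the scope is checked together with the secret, a password recovered from a calendar client is rejected by every other interface.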