
> app-based, not SMS-based two-factor authentication)

How does that work when using an email client and connecting to the server and using SMTP and IMAP?



I meant using TOTP (app-based) two-factor authentication for securing your DNS provider and domain registrar accounts. The reason for not using SMS-based two-factor authentication is that it is not very secure https://techcrunch.com/2016/07/25/nist-declares-the-age-of-s...

I'm not aware of two-factor authentication for SMTP or IMAP.


> I'm not aware of two-factor authentication for SMTP or IMAP.

This could be achieved using a client side TLS certificate along with a username and password. I know that Postfix and Dovecot support it.


You generate one password per client (i.e. app-based).


How does the client identify itself during the SMTP or IMAP transaction?


It uses the password that you generated for it. I don't understand where the confusion is.


I don't understand how that's any more secure than just using a strong password for the account. At some point, you're going to have to make that password accessible to the client. Plus, it's arguably less secure because the account now has multiple valid passwords that will work for authentication, and, based on your description, there's nothing that prevents someone using the exact same password over a netcat session from accessing the account.


The confusion seems to be about logging into your account on the web versus using a mail client like Outlook or Thunderbird.

Pick a service that lets you use a long password and a security key (like Yubikey) or authenticator (Google, Authy) to log in.

Most services will then let you generate a specific password for an email client. I would assume that behind the scenes the service is restricting what ports that password can be used on, etc.
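The thread above argues about what an app-specific password actually buys you over a single strong password. The following is an added example, not code from any commenter or from any real mail provider; it sketches how a service could implement the scheme the comments describe, with assumptions stated in the comments: the primary password plus TOTP is accepted only for web login, each generated app password is stored hashed and bound to the protocols it may use, and any one of them can be revoked without touching the others. The class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# Protocol labels used by this toy service (hypothetical, not a vendor API).
WEB, IMAP, SMTP = "web", "imap", "smtp"


@dataclass
class AppPassword:
    """One generated client credential: a label, a salted slow hash, and its protocol scope."""
    label: str
    salt: bytes
    digest: bytes
    protocols: FrozenSet[str]
    revoked: bool = False


def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow hash so a stolen table of digests is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class Account:
    """Toy mailbox: one primary password (+ TOTP) for the web UI, N scoped app passwords for clients."""

    def __init__(self, primary_password: str) -> None:
        self._salt = secrets.token_bytes(16)
        self._primary = _kdf(primary_password, self._salt)
        self._app: Dict[str, AppPassword] = {}

    def issue_app_password(self, label: str, protocols=(IMAP, SMTP)) -> Tuple[str, str]:
        """Generate a random 16-letter password for one client.

        The plaintext is returned exactly once (to show the user) and never stored;
        only the salted PBKDF2 digest and the protocol scope are kept.
        """
        plaintext = "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))
        token_id = secrets.token_hex(4)
        salt = secrets.token_bytes(16)
        self._app[token_id] = AppPassword(label, salt, _kdf(plaintext, salt), frozenset(protocols))
        return token_id, plaintext

    def revoke(self, token_id: str) -> None:
        """Disable a single client's credential; every other app password keeps working."""
        self._app[token_id].revoked = True

    def authenticate(self, presented: str, protocol: str, totp_ok: bool = False) -> Tuple[bool, str]:
        """Decide whether `presented` may log in over `protocol`.

        Assumed policy: the web UI (where 2FA and app passwords are managed) accepts only the
        primary password together with a valid TOTP code; IMAP/SMTP accept only an unrevoked
        app password whose scope includes that protocol. The primary password is deliberately
        refused on IMAP/SMTP, so a leaked app password never unlocks the account settings and
        the primary password cannot be replayed over a raw socket.
        """
        if protocol == WEB:
            primary_ok = hmac.compare_digest(_kdf(presented, self._salt), self._primary)
            if primary_ok and totp_ok:
                return True, "primary+totp"
            return False, "web login needs primary password and TOTP"

        # A real service would index credentials by a prefix instead of hashing against each one.
        for ap in self._app.values():
            if ap.revoked or protocol not in ap.protocols:
                continue
            if hmac.compare_digest(_kdf(presented, ap.salt), ap.digest):
                return True, "app-password:" + ap.label
        return False, "no valid app password for " + protocol


if __name__ == "__main__":
    acct = Account("correct horse battery staple")          # constructed sample account
    laptop_id, laptop_pw = acct.issue_app_password("thunderbird-laptop")
    phone_id, phone_pw = acct.issue_app_password("phone-imap-only", protocols=(IMAP,))
    print("laptop over IMAP:", acct.authenticate(laptop_pw, IMAP))
    print("laptop over web :", acct.authenticate(laptop_pw, WEB))
    print("phone over SMTP :", acct.authenticate(phone_pw, SMTP))
    acct.revoke(laptop_id)
    print("laptop after revoke:", acct.authenticate(laptop_pw, IMAP))
```

The point the example makes about the thread's disagreement: the generated password is still a bearer secret, so whoever holds it can script IMAP access with it (the objection above is correct as far as it goes), but it is a secret that is scoped to mail protocols, cannot reach the web UI where the account is controlled, and can be revoked per client instead of forcing a password change everywhere.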


> I would assume that behind the scenes that the service is restricting what ports that password can be used on

Assuming it's a device accessing the service over IMAP and SMTP that can access multiple networks, restricting by IP and/or port won't really help. As I noted in my other reply, it's easy enough to script access to the account if you have the password, and there's no real association between the application and the credentials that are used for access.

