Agreed on the two-factor auth bit: their implementation seems a bit wacky. (At least, their Google Authenticator TOTP implementation. It seemed like their Yubikey implementation was pretty good, but I don't have a Yubikey.)
However, their "alternative login" thing is pretty useful. I have separate (completely random) passwords for the IMAP sync for my phone and work machine, so I can revoke those at any time without touching the master password. In some sense, that setup is similar to the one Google has for two-factor auth and service-specific passwords.
Indeed. And the 'regular' alternative logins do have _somewhat_ limited access, but to be usable for pop/imap/smtp they have to be of type 'full access'.
'full access' regular logins can do _everything_ but modify other alternative logins. If you happen to have domain admin rights added to your login (eg. not the main domain admin account), regular logins can even do that!
I would probably pay double for an "imap/smtp only login" feature. ;)
> "Mr Snowden said that the other partners in the "Five Eyes" intelligence alliance of the US, United Kingdom, Canada, Australia and New Zealand 'sometimes go even further than the [National Security Agency] people themselves.'"
I actually looked for a mail service (besides google) inside the USA, because I figured spying on non-citizen services would be even more prevalent. But it came down to rackspace email (which was "just ok" but lacked any kind of two factor auth/alternative logins) and fastmail (which I found nicer).
