Thread: Google screwed up my Gmail acct in Thunderbird
View Single Post
  #24  
Old September 8th 18, 07:06 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
  
Posts: 10,881
Default Google screwed up my Gmail acct in Thunderbird
Frank Slootweg wrote:

Ralph Fox wrote:
On Fri, 7 Sep 2018 20:23:17 -0400, Big Al wrote:

On 09/07/2018 08:01 PM, Ralph Fox wrote:
On Fri, 7 Sep 2018 16:08:42 -0700, cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?

There is a simple fix:
In Thunderbird, change your Gmail account to use OAuth2 authentication.

Here is a screen-shot of the OAuth2 option in Thunderbird.
http://i.imgur.com/dPUg7N3.png

Someone made the comment that OAuth2 only works for IMAP. (Unless TB
added it for pop).

AFAICT OAuth2 works for IMAP and for SMTP, but not for POP.

Indeed it does not work for POP. I saw that your screenshot shows the
'Server Settings' for an IMAP server, so I checked and the IMAP
'Authentication method' can indeed be set to 'OAuth2', but for a POP
server, that setting ('OAuth2') is not available.

If someone wants to POP their Gmail, use a Google app password with
the POP account. A Google app password also meets Gmail's requirements
for not being "less secure".

How do I do that? I don't know what "a Google app password" is (in
this context) and hence not how/where to set one.

Thanks.

You have Google generate a *strong* password that is unique to their
service. Google believes users are incapable of creating strong
passwords AND to use unique passwords at each site.

https://support.google.com/accounts/answer/185833?hl=en
https://support.google.com/accounts/.../1070455?hl=en

Since a Google app password is unique per device, Google can track which
device you are using to login. Yep, more tracking data for them.

The link doesn't work (https://myaccount.google.com/apppasswords or
https://security.google.com/settings.../apppasswords). I have to
login, go to my account settings, and under the "Sign-In & security"
section is an "Apps with account access" link. It's the same place
where I have to go to enable the "Allow less secure apps" option.

I'm not sure what process that Google uses. I think it's more of a
smartphone thing, like Android account management. You want an app to
login, get a prompt from the OS, and choose to allow which then records
something in your Google account where you can see online a list of apps
you've granted access.

Microsoft's app password has you create a new password to get around
their 2-step verification procedure since many apps don't support it.
Again, they assume users are too stupid to create strong and per-site
unique passwords. They create a different set of login credentials as a
workaround to their 2-step verification process, so instead of using
your normal site login credentials you instead use their login
credentials. Pretty stupid but then they aren't that off about the
expertise of the user community regarding the use of global passwords
that aren't strong.
Ads