If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Oauth2, GMail, and Thunderbird
mechanic wrote:
What's insecure about using TCL/SSL for transmission and the usual account name/password to access IMAP? Nothing, unless you're name is google. This OAuth2 stuff seems targeted at HTML APIs. yep. |
Ads |
#17
|
|||
|
|||
Oauth2, GMail, and Thunderbird
On 11/29/18 10:38 AM, T wrote:
[snip] I support Thunderbird.Â* I see this all the time.Â* I just ignore them. Some customers don't seem to get bothered by this and some do, so I can't put my finger on it. I'm going to do that (ignore the messages) too. It's really a VERY small problem compared to the other spam I have to deal with. [snip] -- 25 days until the winter celebration (Tue Dec 25, 2018 12:00:00 AM for 1 day). Mark Lloyd http://notstupid.us/ "All your western theologies, the whole mythology of them, are based on the concept of God as a senile delinquent." -- Tennessee Williams |
#18
|
|||
|
|||
Oauth2, GMail, and Thunderbird UPDATE
On Fri, 30 Nov 2018 06:16:14 +1300, Ralph Fox
wrote: snip 2. The OAuth2 setting allows you to keep using Thunderbird with Gmail when "allow less secure apps" is turned off. snip I tried it and what Ralph wrote above is correct. I told GMail to turn "allow less secure apps" off and both Thunderbird and iOS mail continue to work normally. The help link in another post which said Outlook and Thunderbird were examples of apps using insecure access methods must be out of date. Apparently, Thunderbird has been updated since that was written to use what google considers acceptable. (I didn't try Outlook since I no longer use it myself, but I think it was Outlook that made me enable "allow less secure apps" a few years ago.) Thanks, Pat snip |
#19
|
|||
|
|||
Oauth2, GMail, and Thunderbird
On 30/11/2018 13.32, Pat wrote:
On Thu, 29 Nov 2018 23:14:49 +0100, "Carlos E.R." wrote: On 29/11/2018 14.25, Pat wrote: In another thread, someone mentioned that enabling OAuth2 in Thunderbird made Google happy (ie, fewer security warnings received). I use Thunderbird to access my GMail account via IMAP. I occassionally get a warning from GMail that my account is more vulnerable to attacks because I have a less secure access method enabled. I ignore those warnings because I thought that was necessary in order to receive mail via IMAP. But, the OAuth2 comment in the other thread made me question that. I checked my settings and found I am using OAuth2 in Thunderbird. However, I am still getting the warnings from Google that I am less secure than I need to be. They give me a single "Fix this" button but no technical explanation of what that will do. If I press that button, will IMAP still work? (Note that I also access my gmail account from an iOS phone so that needs to continue working, too. Finally, I use Thunderbird to access accounts on a number of different servers and accounts, so I have no desire to switch to GMail's web interface or their iOS app. I like having all my eamil come to one place - Thunderbird on my PC and Apple's Mail app on the phone.) Any advice is appreciated. What google wants is you disable "less secure" connections at their web page. At the server side, not at you client side. I understand. If you only use "approved" applications on all your devices, then you can do it. Else ignore the message. But, are the latest iOS mail app (not the gmail specific iOS app) and the latest Thunderbird windows build "approved applications"? I guess I need to try it and find out. Thunderbird is, when using oauth2. The tools I use to fetch mail in background without user intervention are not. A developer told me that non interactive applications (daemons) can not implement it. I believe the oauth2 implementation in Thunderbird uses javascript, thus when there is a problem it can present you a dialog somewhat similar to a web page or with visual elements or something. Take all that with a pinch of salt, I can not be accurate; using some hearsay :-} -- Cheers, Carlos. |
#20
|
|||
|
|||
Oauth2, GMail, and Thunderbird
On 30/11/2018 20.33, Andy Burns wrote:
mechanic wrote: What's insecure about using TCL/SSL for transmission and the usual account name/password to access IMAP? Nothing, unless you're name is google. It would be more secure using a pair of certificates, which is a standard method that other mail programs support, but google doesn't. This OAuth2 stuff seems targeted at HTML APIs. yep. marketing. -- Cheers, Carlos. |
#21
|
|||
|
|||
Oauth2, GMail, and Thunderbird UPDATE
On 30/11/2018 21.13, Pat wrote:
On Fri, 30 Nov 2018 06:16:14 +1300, Ralph Fox wrote: snip 2. The OAuth2 setting allows you to keep using Thunderbird with Gmail when "allow less secure apps" is turned off. snip I tried it and what Ralph wrote above is correct. I told GMail to turn "allow less secure apps" off and both Thunderbird and iOS mail continue to work normally. The help link in another post which said Outlook and Thunderbird were examples of apps using insecure access methods must be out of date. Apparently, Thunderbird has been updated since that was written to use what google considers acceptable. (I didn't try Outlook since I no longer use it myself, but I think it was Outlook that made me enable "allow less secure apps" a few years ago.) No, we have been saying all the time that Thunderbird was considered secure from the start *when using Oauth2*. Google does not consider Thunderbird secure when it uses, say, starttls. So, it is not the program, but the method selected. -- Cheers, Carlos. |
#22
|
|||
|
|||
Oauth2, GMail, and Thunderbird UPDATE
On 12/2/18 4:58 AM, Carlos E.R. wrote:
On 30/11/2018 21.13, Pat wrote: On Fri, 30 Nov 2018 06:16:14 +1300, Ralph Fox wrote: snip 2. The OAuth2 setting allows you to keep using Thunderbird with Gmail when "allow less secure apps" is turned off. snip I tried it and what Ralph wrote above is correct. I told GMail to turn "allow less secure apps" off and both Thunderbird and iOS mail continue to work normally. The help link in another post which said Outlook and Thunderbird were examples of apps using insecure access methods must be out of date. Apparently, Thunderbird has been updated since that was written to use what google considers acceptable. (I didn't try Outlook since I no longer use it myself, but I think it was Outlook that made me enable "allow less secure apps" a few years ago.) No, we have been saying all the time that Thunderbird was considered secure from the start *when using Oauth2*. Google does not consider Thunderbird secure when it uses, say, starttls. So, it is not the program, but the method selected. Just installed a M$O 2019. Try as I may, there was no Oauth2 anywhere in Outlook 2019. Hmmmmmmmmmmm .... Couldn't talk the customer into Thunderbird. Did not want to learn anything new. At least I got him on iMap. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|