Google screwed up my Gmail acct in Thunderbird

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?

On 09/07/2018 04:08 PM, cameo wrote:
One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?

Google is angry that Thunderbird (and Outlook, etc.) do not give
Google pop ups of s*** to buy. So they call them as "less secure
apps" rather than fessing up to what is really going on. (My ass
Thunderbird is less secure. Their web page is far less secure.)


1) log into your gMail account in a web browser

2) In a second tab, turn on Less Secure Apps
https://support.google.com/accounts/.../6010255?hl=en

HTH,
-T

On Fri, 7 Sep 2018 16:08:42 -0700, cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?


There is a simple fix:
In Thunderbird, change your Gmail account to use OAuth2 authentication.

Here is a screen-shot of the OAuth2 option in Thunderbird.
http://i.imgur.com/dPUg7N3.png


--
Kind regards
Ralph

On Fri, 7 Sep 2018 16:19:35 -0700, T wrote:

Google is angry that Thunderbird (and Outlook, etc.) do not give
Google pop ups of s*** to buy. So they call them as "less secure
apps" rather than fessing up to what is really going on.

That is not correct.

If you change Thunderbird to use OAuth2 authentication with Gmail,
then Thunderbird will not be "less secure".

Google calls an email program "less secure" if it does not use either
OAuth2 authentication or a Google "app password".


(My ass
Thunderbird is less secure. Their web page is far less secure.)

The insecurity is not Thunderbird. The insecurity is the normal
passwords which may people use (in Thunderbird or any other program).

If someone uses a simple normal password, a hacker can connect to Gmail
and keep trying passwords until he cracks the Gmail account. Every year
many people get their email accounts hacked because they use simple normal
passwords.


--
Kind regards
Ralph
🦊

On 09/07/2018 08:01 PM, Ralph Fox wrote:
On Fri, 7 Sep 2018 16:08:42 -0700, cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?


There is a simple fix:
In Thunderbird, change your Gmail account to use OAuth2 authentication.

Here is a screen-shot of the OAuth2 option in Thunderbird.
http://i.imgur.com/dPUg7N3.png


Someone made the comment that OAuth2 only works for IMAP. (Unless TB
added it for pop).

On Fri, 7 Sep 2018 20:23:17 -0400, Big Al wrote:

On 09/07/2018 08:01 PM, Ralph Fox wrote:
On Fri, 7 Sep 2018 16:08:42 -0700, cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it. So I did click
it and ever since I can't use that email account in Thunderbird. The
worst thing is that I can't even go back to the state before that
security warning. Interestingly, I also have 2 other Gmail accounts
there and they work fine because I did not try to "fix" them.
I tried to remove the failing account and then re-add it to Thunderbird
with the same server settings as the other 2 working accounts, but it is
still a no-go. Any suggestions?


There is a simple fix:
In Thunderbird, change your Gmail account to use OAuth2 authentication.

Here is a screen-shot of the OAuth2 option in Thunderbird.
http://i.imgur.com/dPUg7N3.png


Someone made the comment that OAuth2 only works for IMAP. (Unless TB
added it for pop).


AFAICT OAuth2 works for IMAP and for SMTP, but not for POP.

If someone wants to POP their Gmail, use a Google app password with
the POP account. A Google app password also meets Gmail's requirements
for not being "less secure".


--
Kind regards
Ralph

cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it.

That would not be due to an e-mail you viewed in any e-mail client
UNLESS you are so deliberately ignorant as to allow Javascript to run in
HTML-formatted e-mails. You got that message when you used Gmail's
webmail client, not when using Thunderbird.

So I did click it and ever since I can't use that email account in
Thunderbird.

Google considers any e-mail client that doesn't employ OAUTH2 to be
insecure. OAUTH was never about security of content or communiction but
about identification (of who was accessing an account). Google (and
others) got involved and royally screwed up OAUTH2 to make it for their
own ID purposes. They want to track WHO is accessing an account.

One of the original collaborators, and who turned out to be the major
contributor to OAUTH, relinquished all involvement with OAUTH2 and
apologized for what Google (and Microsoft) turned it into. Watch:

"**** OAUTH"
https://vimeo.com/52882780
(gee, I wonder why this video isn't at Google's Youtube)

Go into your Gmail account and *allow* "less secure" clients to access
your Gmail account. If you are using IMAPS or POPS then your
communication is secure. If you are using a *strong* password then your
account is secure (and NEVER use the same password at multiple sites -
you should use a unique password at each site). OAUTH[2] won't improve
on that security. When Google is claiming non-Google clients are less
secure, they are lying.

The fix is up in your online account. You have to change the setting to
ALLOW what Google claims (but is untrue) are insecure clients to access
your account.

On 09/07/2018 05:18 PM, Ralph Fox wrote:
If you change Thunderbird to use OAuth2 authentication with Gmail,
then Thunderbird will not be "less secure".

You would think. But gMail kicks Thunderbird out anyway.
I correct this issue ALL-THE-TIME.

On 09/07/2018 05:18 PM, Ralph Fox wrote:
If someone uses a simple normal password, a hacker can connect to Gmail
and keep trying passwords until he cracks the Gmail account. Every year
many people get their email accounts hacked because they use simple normal
passwords.

If I am not mistaken, gMail will kick you out for a time if you gof the
password too many times.

The the password problem is only getting worse with services asking for
a new password every so often. Users simply add a letter to the end of
their old password, making each subsequent password less secure each
iteration.

On 09/07/2018 05:18 PM, Ralph Fox wrote:
Google "app password"

is not any more secure any more than Thunderbird over ssh.
This is about you not seeing their pop ups.

On 09/07/2018 06:16 PM, T wrote:
On 09/07/2018 05:18 PM, Ralph Fox wrote:
If you change Thunderbird to use OAuth2 authentication with Gmail,
then Thunderbird will not be "less secure".

You would think.Â* But gMail kicks Thunderbird out anyway.
I correct this issue ALL-THE-TIME.

When Thunderbird installs, it automatically sets gMail up with
OAUTH and then sends you to turn on less secure apps.

Where I see this is when gMail sends out a "Security Checkup" and the
first thing it requests you do it turn off "less secure apps". Then
my phone turns red. And they are ALL on OAUTH.

On 9/7/2018 6:00 PM, VanguardLH wrote:
cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it.

That would not be due to an e-mail you viewed in any e-mail client
UNLESS you are so deliberately ignorant as to allow Javascript to run in
HTML-formatted e-mails. You got that message when you used Gmail's
webmail client, not when using Thunderbird.

So I did click it and ever since I can't use that email account in
Thunderbird.

Google considers any e-mail client that doesn't employ OAUTH2 to be
insecure. OAUTH was never about security of content or communiction but
about identification (of who was accessing an account). Google (and
others) got involved and royally screwed up OAUTH2 to make it for their
own ID purposes. They want to track WHO is accessing an account.

One of the original collaborators, and who turned out to be the major
contributor to OAUTH, relinquished all involvement with OAUTH2 and
apologized for what Google (and Microsoft) turned it into. Watch:

"**** OAUTH"
https://vimeo.com/52882780
(gee, I wonder why this video isn't at Google's Youtube)

Go into your Gmail account and *allow* "less secure" clients to access
your Gmail account. If you are using IMAPS or POPS then your
communication is secure. If you are using a *strong* password then your
account is secure (and NEVER use the same password at multiple sites -
you should use a unique password at each site). OAUTH[2] won't improve
on that security. When Google is claiming non-Google clients are less
secure, they are lying.

The fix is up in your online account. You have to change the setting to
ALLOW what Google claims (but is untrue) are insecure clients to access
your account.

I've been in my Gmail account via the Chrome browser but can't see where
the option is to allow less secure apps.

On 09/07/2018 07:22 PM, cameo wrote:
On 9/7/2018 6:00 PM, VanguardLH wrote:
cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it.

That would not be due to an e-mail you viewed in any e-mail client
UNLESS you are so deliberately ignorant as to allow Javascript to run in
HTML-formatted e-mails.Â* You got that message when you used Gmail's
webmail client, not when using Thunderbird.

So I did click it and ever since I can't use that email account in
Thunderbird.

Google considers any e-mail client that doesn't employ OAUTH2 to be
insecure.Â* OAUTH was never about security of content or communiction but
about identification (of who was accessing an account).Â* Google (and
others) got involved and royally screwed up OAUTH2 to make it for their
own ID purposes.Â* They want to track WHO is accessing an account.

One of the original collaborators, and who turned out to be the major
contributor to OAUTH, relinquished all involvement with OAUTH2 and
apologized for what Google (and Microsoft) turned it into.Â* Watch:

Â*Â* "**** OAUTH"
Â*Â* https://vimeo.com/52882780
Â*Â* (gee, I wonder why this video isn't at Google's Youtube)

Go into your Gmail account and *allow* "less secure" clients to access
your Gmail account.Â* If you are using IMAPS or POPS then your
communication is secure.Â* If you are using a *strong* password then your
account is secure (and NEVER use the same password at multiple sites -
you should use a unique password at each site).Â* OAUTH[2] won't improve
on that security.Â* When Google is claiming non-Google clients are less
secure, they are lying.

The fix is up in your online account.Â* You have to change the setting to
ALLOW what Google claims (but is untrue) are insecure clients to access
your account.

I've been in my Gmail account via the Chrome browser but can't see where
the option is to allow less secure apps.



1) log into your gMail account in a web browser

2) In a second tab, turn on Less Secure Apps
https://support.google.com/accounts/.../6010255?hl=en

HTH,
-T

On 9/7/2018 7:24 PM, T wrote:
On 09/07/2018 07:22 PM, cameo wrote:
On 9/7/2018 6:00 PM, VanguardLH wrote:
cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it.

That would not be due to an e-mail you viewed in any e-mail client
UNLESS you are so deliberately ignorant as to allow Javascript to run in
HTML-formatted e-mails.Â* You got that message when you used Gmail's
webmail client, not when using Thunderbird.

So I did click it and ever since I can't use that email account in
Thunderbird.

Google considers any e-mail client that doesn't employ OAUTH2 to be
insecure.Â* OAUTH was never about security of content or communiction but
about identification (of who was accessing an account).Â* Google (and
others) got involved and royally screwed up OAUTH2 to make it for their
own ID purposes.Â* They want to track WHO is accessing an account.

One of the original collaborators, and who turned out to be the major
contributor to OAUTH, relinquished all involvement with OAUTH2 and
apologized for what Google (and Microsoft) turned it into.Â* Watch:

Â*Â* "**** OAUTH"
Â*Â* https://vimeo.com/52882780
Â*Â* (gee, I wonder why this video isn't at Google's Youtube)

Go into your Gmail account and *allow* "less secure" clients to access
your Gmail account.Â* If you are using IMAPS or POPS then your
communication is secure.Â* If you are using a *strong* password then your
account is secure (and NEVER use the same password at multiple sites -
you should use a unique password at each site).Â* OAUTH[2] won't improve
on that security.Â* When Google is claiming non-Google clients are less
secure, they are lying.

The fix is up in your online account.Â* You have to change the setting to
ALLOW what Google claims (but is untrue) are insecure clients to access
your account.

I've been in my Gmail account via the Chrome browser but can't see
where the option is to allow less secure apps.



1) log into your gMail account in a web browser

2) In a second tab, turn on Less Secure Apps
Â*Â* https://support.google.com/accounts/.../6010255?hl=en

HTH,
-T

Thanks, I've got it and it fixed the problem.

On 09/07/2018 07:40 PM, cameo wrote:
On 9/7/2018 7:24 PM, T wrote:
On 09/07/2018 07:22 PM, cameo wrote:
On 9/7/2018 6:00 PM, VanguardLH wrote:
cameo wrote:

One day it popped up a message saying that my Gmail account was not
secure there and offered me a button to click to fix it.

That would not be due to an e-mail you viewed in any e-mail client
UNLESS you are so deliberately ignorant as to allow Javascript to
run in
HTML-formatted e-mails.Â* You got that message when you used Gmail's
webmail client, not when using Thunderbird.

So I did click it and ever since I can't use that email account in
Thunderbird.

Google considers any e-mail client that doesn't employ OAUTH2 to be
insecure.Â* OAUTH was never about security of content or communiction
but
about identification (of who was accessing an account).Â* Google (and
others) got involved and royally screwed up OAUTH2 to make it for their
own ID purposes.Â* They want to track WHO is accessing an account.