GMail error mess: Thunderbird to be 'less than secure app'

Discussion of general topics about Mozilla Thunderbird
Posts: 7
Joined: October 20th, 2006, 8:53 am
Location: Minneapolis, MN

Post Posted November 17th, 2016, 9:11 pm

After resetting my Google password, my emails stopped coming into Thunderbird (v.455.4.0 running on Win7 Pro).

First I received the error message:
Sending of password for user did not succeed. Mail server responded: Web login required:

Followed by the error message:
Sending of username did not succeed. Mail server responded: Too many commands before auth x36mb16386866qte

With a little (actually, a lot) of investigation, and checking my Google/GMail recovery email account I found the following email content:

<Start email>
Hi Richard,
Google just blocked someone from signing into your Google Account from an app that may put your account at risk.
Less secure app
Thursday, November 17, 2016 7:00 PM (Central Standard Time)
<I removed this state entry>, USA*
Don't recognize this activity?
If you didn't recently receive an error while trying to access a Google service, like Gmail, from a non-Google application, someone may have your password.

<Then a button to "SECURE YOUR ACCOUNT">

Are you the one who tried signing in?
Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date. You can continue to use this app by allowing access to less secure apps, but this may leave your account vulnerable.

The Google Accounts team
*The location is approximate and determined by the IP address it was coming from.
This email can't receive replies. For more information, visit the Google Accounts Help Center.
<End email>

Bingo! When I turned on the option to allow 'less secure apps', the email service resumed.

That leaves me with the questions:
A) Why is Thunderbird considered a 'less secure app' by GMail?
B) Why would changing my Google password create this issue?
C) Are there any settings in Thunderbird I can adjust to get it functioning in a manner in which Google considers it to be a 'secure app'?
D) Are Mozilla/Thunderbird devs aware of this issue??

Looking forward to some help with this. Please cover all four questions.



User avatar
Posts: 120266
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted November 18th, 2016, 5:47 am

That's Google being Google.

MozillaZine Knowledge Base wrote:Using OAuth2 for "secure authentication" will popup a window for your password using your systems default browser. It requires cookies to be enabled for It creates a token that will be used as if it was a stored password, by the password wizard. You can use a normal password instead for "secure authentication". However, unless you log into using a browser and select Allow to let less secure apps access your Google account Gmail may return an error when you try to login if you haven't had the Gmail account for at least 90 days. Using a password is just as secure as OAuth2, except for the possibility for somebody to use Tools -> Options -> Security -> Passwords -> Saved Passwords to view your saved password. This is really just an attempt to increase use of OAuth2, which supports their business plan by supporting logging into third party web sites such as Facebook or Twitter without exposing the users password.]MozillaZine Knowledge Base

If you changed the Gmail passwords using a browser the error would be triggered when Thunderbird tried to log in using the old password stored for automatic entry.

Posts: 7
Joined: October 20th, 2006, 8:53 am
Location: Minneapolis, MN

Post Posted November 18th, 2016, 9:16 am


Anything Mozilla can do to reduce or eliminate the issue?

Posts: 268
Joined: January 20th, 2015, 12:29 pm

Post Posted November 18th, 2016, 1:11 pm

I think OAuth2 might be the default when setting up a new Gmail account in Thunderbird now. I know it's supported.

Posts: 11
Joined: July 7th, 2005, 12:08 pm

Post Posted March 20th, 2017, 11:03 am

You can enable OAuth2 for your Gmail account. In Server Settings in the Security Settings group select OAuth2 for Authentication method.


User avatar
Posts: 44325
Joined: July 30th, 2003, 5:06 pm

Post Posted March 22nd, 2017, 10:47 pm

OAuth2 is the default for Gmail IMAP. Its not an option for Gmail POP (Google's decision, not Mozilla's), so if you want to use a POP account you need to log into your google profile and enable "use less secure apps" per Dan's post. Unless you hate IMAP accounts I suggest you configure the Gmail account to be a IMAP account. It has many advantages, and seems to be the direction the industry is moving. ... _a_profile

Return to Thunderbird General

Who is online

Users browsing this forum: Google [Bot] and 3 guests