Why does Yahoo think TB is a "less secure" application?
-
Zosimos
- Posts: 170
- Joined: April 23rd, 2004, 12:12 pm
- Location: Ohio, USA
Why does Yahoo think TB is a "less secure" application?
What is a 'secure' application according to Yahoo/Oath? Their own app? Or is there something else that doesn't require a special setting to allow your mail to be downloaded without logging in? I'm just wondering if there are any real risks to using TB to get my Yahoo mail or if this is a scam to try to trick people into only using the vendor app that probably does a lot of snooping. Is there some new email protocol that TB is missing?
-
DanRaisch
- Moderator
- Posts: 127231
- Joined: September 23rd, 2004, 8:57 pm
- Location: Somewhere on the right coast
Re: Why does Yahoo think TB is a "less secure" application?
NoZosimos wrote:What is a 'secure' application according to Yahoo/Oath? Their own app? Or is there something else that doesn't require a special setting to allow your mail to be downloaded without logging in?
There is no greater risk in using Thunderbird than any other email client and there is nothing making Yahoo's webmail page (through a browser) more secure than other means of access.Zosimos wrote:I'm just wondering if there are any real risks to using TB to get my Yahoo mail or if this is a scam to try to trick people into only using the vendor app that probably does a lot of snooping.
No, there is not. It's all Yahoo hype.Zosimos wrote: Is there some new email protocol that TB is missing?
-
tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Why does Yahoo think TB is a "less secure" application?
Gmail started that hype. Yahoo adopted it later on to promote their own apps/webmail.
Oauth2 is a authentication protocol. Rather than sending a password over a encrypted secure connection you send a token over a encrypted secure connection. It does eliminate the ability to see a stored password using tools -> options -> security -> passwords -> saved passwords. That is not an issue for most users. If it is, you could add a master password or use other alternatives such as using Keepass or Lastpass rather than the built-in password wizard.
The Yahoo Oauth2 developers guide at https://developer.yahoo.com/oauth2/guide/ states OAuth 2.0 is currently supported by Yahoo Gemini and Yahoo Social APIs. Last I heard Yahoo didn't support OAuth2 in their email yet, and the Thunderbird developers were unable to contact anybody to get the details needed so that Thunderbird could support it when it eventually becomes available.
Oauth2 is a authentication protocol. Rather than sending a password over a encrypted secure connection you send a token over a encrypted secure connection. It does eliminate the ability to see a stored password using tools -> options -> security -> passwords -> saved passwords. That is not an issue for most users. If it is, you could add a master password or use other alternatives such as using Keepass or Lastpass rather than the built-in password wizard.
The Yahoo Oauth2 developers guide at https://developer.yahoo.com/oauth2/guide/ states OAuth 2.0 is currently supported by Yahoo Gemini and Yahoo Social APIs. Last I heard Yahoo didn't support OAuth2 in their email yet, and the Thunderbird developers were unable to contact anybody to get the details needed so that Thunderbird could support it when it eventually becomes available.