MozillaZine

gmail says Thunderbird not safe

User Help for Mozilla Thunderbird
mhbell
 
Posts: 6
Joined: December 21st, 2003, 7:20 pm

Post Posted July 12th, 2014, 11:40 am

Since changing my password I cannot log in to my gmail account using Pop3 and Thunderbird I keep getting the following errors I have tried for 3 days now and cannot get my Gmail with Thunderbird which I have been able to do for over 10 years. Why is Google blocking Thunderbird. Was working fine untill 3 days ago.

Google Account: sign-in attempt blocked.
Hi M H,

We recently blocked a sign-in attempt to your Google Account [XXXX@gmail.com].

Sign in attempt details
Date & Time: Saturday, July 12, 2014 2:06:26 AM UTC
Location: USA


If this was you
You can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards.

To learn more, see https://support.google.com/accounts/answer/6009563.

Some examples of apps that do not support the latest security standards include:

Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird

To help keep your account secure, we may block these less secure apps from accessing your account. If this is the case, you have two choices:

Upgrade to a more secure app that uses most up to date security measures. All Google products, like Gmail, use the latest security measures.
Go to Allow less secure apps and choose “Allow” to let less secure apps access your Google account. We don't recommend this option because it may make it easier for someone to gain access to your account. But some cases where you still might want to allow apps access include:
Registered Linux
User #239772

tanstaafl
Moderator

User avatar
 
Posts: 44600
Joined: July 30th, 2003, 5:06 pm

Post Posted July 12th, 2014, 12:42 pm

Google wants email clients to implement OAuth2.0-based authentication, and has stated they intend to cause disruption (hassles) for users that authenticate (login) using a username/password with the POP, IMAP, or SMTP protocol. OAuth 2.0 requires the email client to launch a browser to display a HTML form provided by Google (which can do anything they want) , and then use a token that it returns.

This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they're basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.

I haven't noticed anybody else that has run into this problem (where it wasn't due to password problem or logging in from a new device) yet. The help page states: "Go to Allow less secure apps and choose “Allow” to let less secure apps access your Google account. " I assume they're referring to a tab in the gmail webmail settings. I suggest you try that. Please let me know if that works around the problem

http://mailman13.u.washington.edu/piper ... 02243.html
https://bugzilla.mozilla.org/show_bug.cgi?id=849540 (bug report requesting Thunderbird support OAuth)

mhbell
 
Posts: 6
Joined: December 21st, 2003, 7:20 pm

Post Posted July 12th, 2014, 1:43 pm

I haven't noticed anybody else that has run into this problem (where it wasn't due to password problem or logging in from a new device) yet. The help page states: "Go to Allow less secure apps and choose “Allow” to let less secure apps access your Google account. " I assume they're referring to a tab in the gmail webmail settings. I suggest you try that. Please let me know if that works around the problem


Get a 404 error when I try to go to the above allow less secure apps cannot find it anywhere in settings for gmail or my google account. I think probably google has done this deliberately. If google will not support Thunderbird then I will cancel all of my google accounts and email as well as their apps. I have no use for underhanded tactics.
Registered Linux
User #239772

tanstaafl
Moderator

User avatar
 
Posts: 44600
Joined: July 30th, 2003, 5:06 pm

Post Posted July 12th, 2014, 3:01 pm

Its not in the Gmail webmail settings. I also searched https://www.google.com/settings/security (which has the two factor setup enable setting, and the authorization for my tablet to access Gmail) and https://support.google.com/mail/topic/3 ... ic=3396281 (email client help). I left a comment on the https://support.google.com/accounts/answer/6009563 about the broken link.

You might try reporting a bug via the Report a bug menu item in the Gmail webmail user interface. See http://email.about.com/od/gmailtips/qt/ ... il-Bug.htm

edwinyzh
 
Posts: 1
Joined: August 18th, 2014, 7:42 am

Post Posted August 18th, 2014, 7:55 am

tanstaafl wrote:This appears to be another example of embrace, extend, and extinguish.


I'm not sure about that this is an example of Google using Microsoft's old, disputable marketing trick, but obviously Google would want all people use the web.

For sure this is annoying - we wrote OwnMyCopy (uses IMAP4 protocol), and a user reported such an experience today, obviously it'll make the users doubt the security of our program...

danger89
 
Posts: 1
Joined: September 16th, 2014, 1:01 am

Post Posted September 16th, 2014, 1:10 am

Please, just implement the OAuth2 implementation within Mozilla Thunderbird, see bug report #849540:

https://bugzilla.mozilla.org/show_bug.cgi?id=849540

VanillaMozilla
 
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Post Posted January 22nd, 2017, 9:10 am

Using OAuth2 does not solve the problem. I'm using TB 45.5.1 for Linux (Ubuntu), but it still does not allow retrieval of messages unless "Allow less secure apps" is turned on in the Google account. It claims that web login is required, and refuses to accept the password from TB even if it's reentered.

It appears either that OAuth2 is not the problem, or Google is fussing over something else, or there is an error in the Google server.

The bottom line is that to get access to Google mail, you currently need to set the Google account to allow "less secure apps". Whether the user chooses OAuth2 or Normal password is apparently immaterial. The result is the same either way.

I don't see a current bug report on this. Does anyone know of one?

tanstaafl
Moderator

User avatar
 
Posts: 44600
Joined: July 30th, 2003, 5:06 pm

Post Posted January 22nd, 2017, 11:11 am

I haven't tested it recently but it used to be that as long as you configured OAuth2 Gmail would not complain. However, the general trend tends to be for large free email providers to require you to allow less secure apps. For example Yahoo requires "Allow apps that use less secure sign-in" or you may get a "#MBR1212 Incorrect username or password" error. AFAIK there is nothing the Thunderbird developers can do about this unless they want Thunderbird to explicitly lie and identify itself as that email providers mobile app rather than Thunderbird .

In the future please create a new thread rather than add a post to a thread that is more than a year old.

Return to Thunderbird Support


Who is online

Users browsing this forum: No registered users and 8 guests