MozillaZine

ATT Email Security

User Help for Mozilla Thunderbird
Bennyd
 
Posts: 190
Joined: April 23rd, 2005, 6:53 am

Post Posted September 19th, 2019, 4:51 am

This is good news, according to AT&T.
--------------------------------------------------------------------------------------------------------------
Learn how to access your email in a more secure way
After our security updates, you’ll have 2 ways to view and manage your email in an app:

(Recommended) Use an email app that encrypts your username and password through technology called Open Authentication, or Oauth. Get step-by-step instructions on how to set up or update your email account in several popular email apps, using our Troubleshoot & Resolve Tool.
Create a secure mail key to sign in to email apps that don’t use OAuth.
--------------------------------------------------------------------------------------------------------------
Also, AT&T helpfully notes:
--------------------------------------------------------------------------------------------------------------
Non-OAuth compatible email apps

Outlook 2010, 2013, 2016
Mozilla Thunderbird
Windows Mail on personal computers running Windows 8 or older
Apple Mail/Mac Mail on macOS 10.10/Yosemite or older

We suggest you switch to an email app that has OAuth. Get step-by-step instructions on how to set up or update your email account in several popular email apps, using our Troubleshoot & Resolve Tool.
--------------------------------------------------------------------------------------------------------------
Frankly, I suggest I get another broadband supplier, but where I live there is not one I want to switch to.
--------------------------------------------------------------------------------------------------------------

Below is what seems to be the solution to yet another AT&T Yahoo complication and probable foul-up. Will the following probably work?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Create a secure mail key
Learn how to create a secure mail key from your mobile device, tablet, or computer.
Have your User ID and password ready to sign in to myAT&T.

Go to Profile > Sign-in info.
Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
Scroll to Secure mail key and select Manage secure mail key.
If you have more than one email address, select the one you want to use.
Select Add secure mail key.
Enter a nickname for the secure mail key to make it easier to recognize.
Select Create secure mail key.
Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
For security purposes, the secure mail key only shows until you select OK.
If you lose or forget the secure mail key, you can create new secure mail keys as needed.
Select OK.
Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)

kerft
 
Posts: 455
Joined: January 30th, 2019, 9:38 am

Post Posted September 19th, 2019, 5:13 am

Thunderbird for a long time does have support for oauth. I don't know the details, but I think you should use oauth and should not do the secure mail key stuff. Although this is about gmail (which you can use if you prefer) it is just to show that thunderbird supports oauth http://kb.mozillazine.org/Using_Gmail_w ... illa_Suite

tanstaafl
Moderator

User avatar
 
Posts: 45653
Joined: July 30th, 2003, 5:06 pm

Post Posted September 19th, 2019, 5:34 am

Gmail pushes OAuth2 as more secure because it suits their business model (you can login to another web site without having to provide your password again, if that other web site supports OAuth2). But for a email client OAuth2 doesn't really gain you anything security wise. You initially have to send a password over a secure connection (just like you do if you use "normal" authentication). The main difference for a Thunderbird user is that somebody with physical access to your PC can't use tools -> options -> privacy -> passwords -> saved passwords to see the saved password (since a token is stored instead), and that once a token is created, its sent instead of a password.

Afterwards Yahoo decided to adopt the same posture. I believe AT&T and Verizon use Yahoo as their email provider. Perhaps the AT&T statement about Thunderbird not supporting OAuth2 is because that feature was only added for yahoo and AOL in version 60. The main reason to use OAuth2 with Gmail is they have a nasty habit of sometimes resetting part of your google accounts settings, breaking the ability to login, if you are not using OAuth2. I haven't heard the same thing about Yahoo/Verizon/AT&T.

The AT&T secure mail key sounds like it might be just another name for a app password. Typically if a email provider supports some type of two step/factor authentication they provide the ability to create an use a app password (instead of the normal password) for any email client that doesn't support two step authentication. The email client doesn't gain any extra security, but it lets you continue to use a smartphone etc. with two-step authentication with that account.

According to https://www.att.com/esupport/article.ht ... /KM1240462
it sounds like AT&T is forcing you to either use OAuth2 or a secure mail key (app password).

Bennyd
 
Posts: 190
Joined: April 23rd, 2005, 6:53 am

Post Posted September 19th, 2019, 10:34 am

I made a "Secure Mail Key" for each of my e-mail accounts. Both accounts are working with the new "Secure Mail Keys" on each of two computers. By the way, you must sign in to the main e-mail account and each sub-account separately and create a unique "Secure Mail Key" for each account.

It seems like a stupid waste of time to accomplish this, however. All that happened is that ATT created a password and I just copy pasted each one into the appropriate e-mail account password setups. I don't see how that improved anything.

Thanks for help and advice once again.

lem3
 
Posts: 26
Joined: May 15th, 2015, 10:29 am

Post Posted September 28th, 2019, 10:35 am

The Oauth2 protocol is different than the older Oauth and there is no backwards compatibility.

Thunderbird lists Oauth2 as an authentication option, the Yahoo (by way of AT&T) document only lists Oauth. I have not been able to get a definitive answer from AT&T regarding which version they are actually requiring, but I'm not hopeful.

It does seem really stupid. In addition to Thunderbird, this change breaks email authentication in every version of Outlook through 2016. I suspect there must be some economic value to Yahoo to risk ticking off a very large number of people.

kerft
 
Posts: 455
Joined: January 30th, 2019, 9:38 am

Post Posted September 28th, 2019, 11:14 am

This article has some related information. https://support.mozilla.org/bm/questions/1269328
Thunderbird I believe supports oauth for yahoo (not at&t yahoo) and gmail. They would like to support it for at&t, but discussions to get keys signed by at&t have failed.
Status as far as I know - at&t email accounts will only work if you create a secure mail key, on webmail, or maybe in newest outlook?

bex1210
 
Posts: 69
Joined: April 17th, 2006, 11:10 am

Post Posted October 9th, 2019, 10:42 am

kerft wrote:This article has some related information. https://support.mozilla.org/bm/questions/1269328


I went to that address, and it provided some excellent guidance on how to set up a secure mail key.

As an AT&T user, and having Thunderbird 60 and Thunderbird 57 (on two different Windows 7 Pro [64 bit] SP1 computers), I have been very confused about the Oauth vs. secure mail key options. I use IMAP mail servers and an SMTP outgoing server.

I still have a few questions, even after reading the thread and the 'Chosen Solution' for secure mail keys.
1. Do the instructions apply to AT&T Email sub-accounts also?
2. It has been a long time since I set up my accounts in Thunderbird. I cannot find any place where I can replace my password with the secure mail key. Can someone give me detailed directions on how to find that option?
3. On the Account Settings->Server Settings screen, there are 6 options under 'Authentication Method'. Mine is currently set to 'Normal password'. Is that still correct with the secure mail key, or do I need to change it to one of the other options? My Connection security is 'STARTTLS'. Does that need to change?
4. To complicate matters, AT&T simultaneously sent out another Email whereby they are changing their name from att.net to currently.com. In Thunderbird, do I have to change my Server names (Incoming & Outbound) and user names from att.net to currently.com, or can I leave them as they are?
5. Although I hardly ever use it, I also have a Yahoo! Mail account. Do I need to make similar changes for a secure mail key there?

Thanks for any help you can provide,


Harry

sfhowes
 
Posts: 427
Joined: April 1st, 2012, 10:21 am

Post Posted October 9th, 2019, 11:13 am

bex1210 wrote:
kerft wrote:This article has some related information. https://support.mozilla.org/bm/questions/1269328


I went to that address, and it provided some excellent guidance on how to set up a secure mail key.

As an AT&T user, and having Thunderbird 60 and Thunderbird 57 (on two different Windows 7 Pro [64 bit] SP1 computers), I have been very confused about the Oauth vs. secure mail key options. I use IMAP mail servers and an SMTP outgoing server.

I still have a few questions, even after reading the thread and the 'Chosen Solution' for secure mail keys.
1. Do the instructions apply to AT&T Email sub-accounts also?
2. It has been a long time since I set up my accounts in Thunderbird. I cannot find any place where I can replace my password with the secure mail key. Can someone give me detailed directions on how to find that option?
3. On the Account Settings->Server Settings screen, there are 6 options under 'Authentication Method'. Mine is currently set to 'Normal password'. Is that still correct with the secure mail key, or do I need to change it to one of the other options? My Connection security is 'STARTTLS'. Does that need to change?
4. To complicate matters, AT&T simultaneously sent out another Email whereby they are changing their name from att.net to currently.com. In Thunderbird, do I have to change my Server names (Incoming & Outbound) and user names from att.net to currently.com, or can I leave them as they are?
5. Although I hardly ever use it, I also have a Yahoo! Mail account. Do I need to make similar changes for a secure mail key there?

Thanks for any help you can provide,


Harry

1. Use a different secure mail key for each account, but use the same one for an account set up on different computers.
2. Tools/Options/Security/Passwords/Saved Passwords, show passwords, right-click, Edit Password, for incoming and outgoing.
3. Use authentication = normal password but apply the secure mail key. Security is STARTTLS if the port is 143 (incoming IMAP) or 587 (SMTP). It's SSL/TLS for port 993 (IMAP) or 995 (POP).
4. Leave server names as is until they notify to change them.
5. TB supports OAuth2 for Yahoo accounts, and if you apply that to an account, enter the standard account password during OAuth authentication process - which will write a key-like token in Saved Passwords. If the Yahoo account works as is, no need to change it.

bex1210
 
Posts: 69
Joined: April 17th, 2006, 11:10 am

Post Posted October 9th, 2019, 11:06 pm

sfhowes:

Thanks for all the great information. I have my primary AT&T account now all set up with a secure mail key.

But I am having trouble with my sub-accounts. The AT&T instructions clearly state that sub-accounts must each have their own secure mail key. However, when I access my Manage sub-accounts page, select a sub-account and then click on Edit, there is no place there to create a secure mail key. I have searched all over my account page(s) as well as used the AT&T search function, and I cannot find any way to create a secure mail key for sub-accounts.

Any suggestions?

Harry

sfhowes
 
Posts: 427
Joined: April 1st, 2012, 10:21 am

Post Posted October 10th, 2019, 9:13 am


bex1210
 
Posts: 69
Joined: April 17th, 2006, 11:10 am

Post Posted October 10th, 2019, 10:29 pm


sfhowes:

You are amazing! I don't know how you find all these obscure pieces of information, but the 'Sub-account secure mail key' post from May, 2018 was perfect. I now created a secure mail key for the two sub-account email addresses that I have. It is sad that this post was almost 16 months ago, and AT&T has never corrected their Support article to incorporate this small detail.

I am sorry that this post will be so long. but I now have a new problem. First, let me make sure I am doing this correctly. On my Windows 7 desktop (Thunderbird 60), I have multiple accounts, but only one att.net account. Call it ''my1@att.net'. The IMAP mail server for this account is imap.mail.att.net, on Port 993.The Outgoing Server I use for ALL my accounts (the Default) is smtp.mail.att.net on Port 586, with user name of 'my1@att.net'.

I then created a secure mail key for account 'my1@att.net'. On the list of Saved Logins, I replaced the previous password with the secure mail key number for the following three entries:
imap://imap.mail.att.net
smtp://outbound.att.net
smtp://smtp.mail.att.net

Did I do that correctly? Everything seems to be working fine. I can send from, and receive at 'my1@att.net'.

Then I went to my Windows 7 laptop (Thunderbird 57). I have all of the same multiple accounts on the laptop that I have on the desktop, including 'my1@att.net'. Also like the desktop, the Outgoing Server I use for ALL my accounts (the Default) is the same as on my desktop: smtp.mail.att.net on Port 586, with user name of 'my1@att.net'.

But I also have two sub-accounts on the laptop: 'my2@att.net', and 'my3@att.net'. So following the 'Sub-account secure mail key' post, I created secure mail keys for accounts 'my2@att.net' and 'my3@att.net'.

Now I am getting into trouble on the list of Options->Security->Saved Passwords.
For 'my2@att.net', I replaced the previous password with the secure mail key number for the following two entries:
imap://imap.mail.att.net
smtp://outbound.att.net

For 'my3@att.net', I replaced the previous password with the secure mail key number for the following entry:
imap://imap.mail.att.net
For some reason, there is no smtp://outbound.att.net, although my Account Settings->Server Settings appear correct.

But there is a problem with my'1@att.net'. You said I should I should use the same secure mail key for this account as I did for that account on my desktop. So I used that secure mail key for the following 2 entries:
imap://imap.mail.att.net
smtp://smtp.mail.att.net
Like 'my3@att.net' above, there is no smtp://outbound.att.net for'1@att.net', although my Account Settings->Server Settings appear correct.

More importantly, I then could not send from ANY of my 3 att.net accounts! I got an error message which says that "Login to Account 'ATT Outgoing Server' failed. I tried this multiple times. I also tried the trick when a password is not remembered due to a server being down (you delete the password, and enter it as a new password when you get the above message).

So on the laptop "ATT Outgoing Server', I changed the user name (and its secure mail key) from '1@att.net' to '2@att.net'. Now I can send an Email from '2@att.net' to a non-att.net account, but not from either '1@att.net' or '3@att.net'.

I cannot diagnose the problem. I need your expertise!


Harry

sfhowes
 
Posts: 427
Joined: April 1st, 2012, 10:21 am

Post Posted October 11th, 2019, 10:27 am

I think you can clear this up by having each incoming account send on an smtp server with the corresponding User Name and password (mail key). In Tools/Account Settings, select an account in the left pane and then look at Outgoing Server (SMTP) in the lower right pane. Instead of having all accounts send through a Default server, set each account to send on a separate smtp, i.e. my2 sends on smtp2, my3 sends on smtp3 etc. Add as many smtp servers as necessary in Outgoing Server (SMTP) at the bottom left of Account Settings. Enter the appropriate mail key when prompted, and check the box to store it in Saved Passwords.

bex1210
 
Posts: 69
Joined: April 17th, 2006, 11:10 am

Post Posted October 11th, 2019, 10:27 pm

sfhowes:

I followed your advice to have each account set up so that it sends on a separate SMTP. But I am doing something wrong, because it is not working.

You say "add as many smtp servers as necessary…. Enter the appropriate mail key when prompted…" Do you mean on the Account Setting window, to first select an account so the Account Settings screen appears, then at the bottom of the left hand column, to click on 'Account Actions' and then select 'Add Mail Account'? If so, then I get a screen that titled 'Set Up an Existing Email Account'. Am I OK so far? And once set up, is there an 'Edit Mail Account' screen anywhere, so I can test an account already set up?

When I set up an account, and press the test button, I get a screen which says: 'The following settings were found by probing the given server'. But my incoming is shown as a POP3 account, rather than SMTP. If I change it to SMTP and use correct port, SSL, etc., and re-test, I get a message which says: "Thunderbird failed to find the settings for your Email account.' If I leave it as POP3 incoming and select 'Done' I get a message that says my password in incorrect, although I entered it (the secure key) correctly both on this screen and on the Options-> Security -> Saved Passwords screen.

If I then try to send a message from one of these accounts which appear on the Saved Passwords screen as having the correct information, including the secure mail key for smtp.mail.att.net, imap.mail.att.net, and outbound.att.net, I get an error message saying: 'Send Message Error. Sending of the message failed. An error occurred while sending mail. Outgoing Server (SMTP) my2OutboundServer is unknown. The server may be incorrectly configured. Please verify that the settings are correct, and try again.'

In one instance, on the Account Settings screen, while trying to set up my3@att.net, I get an Account Wizard screen which says: An account with that name already exists. Please enter a different account name.'

So clearly something is really wrong, but I don't know how to proceed.


Harry

sfhowes
 
Posts: 427
Joined: April 1st, 2012, 10:21 am

Post Posted October 12th, 2019, 7:12 am

Outgoing Server (SMTP) is at the bottom of the left pane of Account Settings, above Account Actions. That is where you can add or edit smtp servers, if they aren't already there. Add Existing Mail Account or Add Mail Account are only for setting up a POP or IMAP account, which you appear to already have done. In doing so, an smtp server was probably added, but it may not be the one the POP or IMAP account is sending on.

When you get the 'already exists' error, change the Account Name so each account has its own name.

bex1210
 
Posts: 69
Joined: April 17th, 2006, 11:10 am

Post Posted October 12th, 2019, 10:47 pm

sfhowes:

I set up my1@att.net on my laptop EXACTLY the same as on my desktop. I also made sure that on the Options-> Saved passwords page that imap://imap.mail.att.net (imap://imap.mail.att.net), smtp://outbound.att.net (smtp://outbound.att.net), & smtp://smtp.mail.att.net (smtp://smtp.mail.att.net) have the same user name and secure mail key on the laptop as on the desktop.

I can send and receive from my1@att.net on my desktop just fine. If I try to SEND FROM my1@att.net on my laptop, I get an error message which says: 'Login to server smtp.mail.att.net with username my1@att.net failed.' I get the same message if I try to SEND TO my1@att.net.

What am I missing?

Harry

Return to Thunderbird Support


Who is online

Users browsing this forum: Bing [Bot] and 5 guests