Google tightening email security

[ndebord]

PS I may be onto something but I think my username is being incorrectly parsed by omitting data after the "."
eg my email address of ... @gmail.com is being seen within OAuth2 / POP as being dlawton, instead of dlawton.nz ??
OAuth2 / SMTP works fine...

PPS Fixed it! The clue above got me hunting in the "about:config" settings within the SM browser. I found a small bunch of historic anomalies where the username dlawton was still configured vs dlawton.nz mostly in the mail identities part of the config. Changed the faulty entries (Went thru the whole config file) and BINGO - interesting to note that the errors were in the config file, not in the "Mail & Newsgroup Account Settings" themselves.

With Google, I am now using POP access to my Gmail account - but that *does* work with OAuth2, and without "less secure apps" support enabled!!

davexl

So, I looked into about:config too, not. sure what anomalies you are talking about in username info. Also curious about the OAuth2 info in saved passwords. I have the normal ones under my username and then one using OAuth2, not sure what to make of having 2 entries for Gmail.

Tks,

Nick

[therube]

The way Google worded things is:

Google will automatically turn this setting off if it’s not being used.

https://support.google.com/accounts/ans ... ur-account

So, to me at least, that seems to mean that if you are using it, it will continue to work.
(Now, if that turns out to be the case, that's a different story. Long live Eudora .)


Nonetheless, if you do lose "Less secure app access", you will still have access to gmail in SeaMonkey (& TB, both POP3 & IMAP) by using OAuth2.


And that said, it cannot hurt to test - ahead of time, to verify that "you" can get OAuth2 working in SeaMonkey.

Create a new Profile
Enter Mail
Manually set things up
Enter bogus username & whatnot - for the time being
* Set it so that (both), "Check for new messages... at/every" are DISABLED
* Set it so that messages are, "Leave messages on server"
(that way, checking mail in this Profile won't [I should say, shouldn't - cause after all, this is Google] affect what you see, or not, in your original Profile)

After those settings are changed, now go back in & enter your correct username & whatnot.

Do note that a new Profile WILL download ALL of your (POP) messages.
What you can do there, is after a few have actually downloaded, simply close mail.

When you reopen Mail - because of the setting changes you made, no new message will (automatically) start to download, but with what you've got, you should be able to verify that your changes (to OAuth2) will work (& should also work when you apply them to your regular Profile).

[RDaneel]

David - thanks so much for your "about:config" explorations and observations - I used these to solve my own [Office 365 POP access] OAuth2 issue!

Details are over in my entry in the Bugs area - which is now marked FIXED.

[davexl]

PS I may be onto something but I think my username is being incorrectly parsed by omitting data after the "."
eg my email address of ... @gmail.com is being seen within OAuth2 / POP as being dlawton, instead of dlawton.nz ??
OAuth2 / SMTP works fine...

PPS Fixed it! The clue above got me hunting in the "about:config" settings within the SM browser. I found a small bunch of historic anomalies where the username dlawton was still configured vs dlawton.nz mostly in the mail identities part of the config. Changed the faulty entries (Went thru the whole config file) and BINGO - interesting to note that the errors were in the config file, not in the "Mail & Newsgroup Account Settings" themselves.

With Google, I am now using POP access to my Gmail account - but that *does* work with OAuth2, and without "less secure apps" support enabled!!

davexl

So, I looked into about:config too, not. sure what anomalies you are talking about in username info. Also curious about the OAuth2 info in saved passwords. I have the normal ones under my username and then one using OAuth2, not sure what to make of having 2 entries for Gmail.

Tks,

Nick

Hi Nick - the clue for me from looking into the Passwords manager for gmail, was that the Pop entry had dlawton, whereas the SMTP entry had dlawton.nz (which was the same for OAuth2 entry in Google PW where the authentication had 1/2 worked for SMTP only.

The username used was derived from an old email address that was still being referenced in my config file.
It was in there because I had been installing over the top of previous revisions which had used a different email address previously.

Somehow it carried on working up to now, but OAuth2 must do a username check for consistency between the POP & SMTP side and found the difference. That's my take on things anyway. I've had SeaMonkey for so long, there are bound to be inconsistencies in the config file anyway, so using about:config is a useful way to check for anomalies, without migrating everything across to a new profile. Just be careful when editing config. Cheers.

[davexl]

David - thanks so much for your "about:config" explorations and observations - I used these to solve my own [Office 365 POP access] OAuth2 issue!

Details are over in my entry in the Bugs area - which is now marked FIXED.

Great work RDaneel - very pleased for you!

[davexl]

Okay, here is what I got to work for POP gmail...

I changed the setting to OAth2 (with Port 995 and SSL/TLS) and did a restart of SeaMonkey. Then upon accessing gmail, got the invitation to sign on to Google, which I did, and then I had to allow --> Thunderbird <-- to access my account. After that, SeaMonkey gmail access appears to work fine.

Nice work Pete! The best part is that TB is already considered more secure than SM, so SeaMonkey just has to tag along with OAuth2...

[davexl]

David - thanks so much for your "about:config" explorations and observations - I used these to solve my own [Office 365 POP access] OAuth2 issue!

Details are over in my entry in the Bugs area - which is now marked FIXED.

After reading your entries, I can tell you know much more about programming than I ever did. Will have to look up the difference between qualified and unqualified user names now! Something to do with including the domain name portion? I'll better google it...

[jgreer]

I wrote to Google about this. Here’s their reply: You can enabled 2-step verification on the account and use an application password for Seamonkey to sign in with.

What do you think?

[v_v]

jgreer,

Read through this entire thread, and test everything out ahead of time.

[jgreer]

jgreer,

Read through this entire thread, and test everything out ahead of time.

I did read the entire thread and was thoroughly confused. So I asked google and got the above answer. I continued to ask stuff, though: "If I do that, do I have to always remember my password? Can I set my own password? Do I keep the pop/imap etc. unchanged? Do I have to change ports to receive and send on seamonkey?"
The answer was this: "The third-party app (Seamonkey) should remember the password for you. If it doesn't (you have to enter it each time you open Seamonkey) then you'll have to save the password to copy/paste each time. Nothing else about the configuration should change."

I'm tempted to try it. Again, what do you guys think?