When trying to access my Google Calendar in Thunderbird, I now get a pop-up asking for my Google password ("The Provider for Google Calendar would like to access your account to retrieve events and tasks"). I tried to email Google to ask if this was a genuine message from them, or a phish, but got no reply.
I have not responded to the pop-up and when I close it all access to my Google calendars disappear. I have a jpg of the pop-up but cannot see how to upload it!
Advice, please
Google Calendar phish?
-
tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Google Calendar phish?
If you go to the Google Calendar web site it prompts you for your google email address and password. So it makes sense that a calendar provider add-on needs that info too. See Why does the login dialog open in my default browser instead of in Thunderbird? in the FAQ for the add-on.
Mozilla requires any add-on on addons.mozilla.org (AMO) to be digitally signed as part of the review process. That reduces the risk that a add-on will do something malicious such as steal your credentials.
https://addons.mozilla.org/en-US/thunde ... -calendar/
Mozilla requires any add-on on addons.mozilla.org (AMO) to be digitally signed as part of the review process. That reduces the risk that a add-on will do something malicious such as steal your credentials.
https://addons.mozilla.org/en-US/thunde ... -calendar/
-
tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Google Calendar phish?
See http://kb.mozillazine.org/Posting_a_scr ... _the_forum if you need to post a screen shot . In this case I don't think its necessary.
-
rattlingroger
- Posts: 2
- Joined: May 7th, 2017, 2:33 am
Re: Google Calendar phish?
That makes sense, but I have been using Thunderbird with Calendar for months without this query. Indeed, all of my calendar postings are displayed 'under' the pop-up but disappear when I avoid entering my password. But perhaps it needs to be reminded that it has a valid signon to Google Calendar?tanstaafl wrote:If you go to the Google Calendar web site it prompts you for your google email address and password. So it makes sense that a calendar provider add-on needs that info too. See Why does the login dialog open in my default browser instead of in Thunderbird? in the FAQ for the add-on.
Mozilla requires any add-on on addons.mozilla.org (AMO) to be digitally signed as part of the review process. That reduces the risk that a add-on will do something malicious such as steal your credentials.
https://addons.mozilla.org/en-US/thunde ... -calendar/
-
tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Google Calendar phish?
If you used OAuth2 (rather than normal password for the authentication method) it periodically renews the token, but its possible (though unusual) for it to fail to renew it, forcing you to enter the credentials again. I don't know which gets used with the add-on. I'll move this thread from Thunderbird Support to the Calendar forum, where you have a better chance of somebody answering your last question.
You might also ask about the tradeoffs between using that add-on and CalDAV.
I suggest you also read http://forums.mozillazine.org/viewtopic ... &t=3029760 (talks about the provider add-on breaking with TB 52.0.1)
You might also ask about the tradeoffs between using that add-on and CalDAV.
I suggest you also read http://forums.mozillazine.org/viewtopic ... &t=3029760 (talks about the provider add-on breaking with TB 52.0.1)