X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Support for GMAIL 2-step verification and App Password

Veröffentlicht

Hi, Has anyone managed to get Thunderbird to work with a Gmail "App Password"? I've just enabled 2-step verification, generated an App Password for Thunderbird to use, and simply can't get it to work. I've gone into the password manager (Options / Security / Saved Passwords) and edited the password for both inbound and outbound. The Google App Password is a 16 character string displayed in groups of four, I've tried with or without the space between the groups.

All that Thunderbird does it to open a web page with Google login, and that page only accepts the basic Google password, with the 2 factor authentication.

Anyone got this to work and can point out the step I've missed?

Thanks, Tony S

Hi, Has anyone managed to get Thunderbird to work with a Gmail "App Password"? I've just enabled 2-step verification, generated an App Password for Thunderbird to use, and simply can't get it to work. I've gone into the password manager (Options / Security / Saved Passwords) and edited the password for both inbound and outbound. The Google App Password is a 16 character string displayed in groups of four, I've tried with or without the space between the groups. All that Thunderbird does it to open a web page with Google login, and that page only accepts the basic Google password, with the 2 factor authentication. Anyone got this to work and can point out the step I've missed? Thanks, Tony S

Ausgewählte Lösung

If you were creating a new imap gmail account then Thunderbird usually auto creates an imap account set up to use OAuth2.

Suggest you logon to webmail and remove the Two step authentication as you are no longer going to need it.

In Thunderbird If you have an account created already that is not using it, then you have to select it.

  • Right click on gmail imap mail account name in Folder Pane and select 'Settings'
  • select 'Server Settings'
  • Under 'Authentication Method' change to 'OAuth2'

then change the outgoing server info.

  • In left pane at the bottom select 'Outgoing server (SMTP)'
  • select the name of the gmail server
  • click on 'Edit'
  • Alter the Authentication Method to say 'OAuth2'
  • click on OK
  • click on OK

Restart Thunderbird. Gmail will then ask you to logon to confirm you really are you. Logon using normal password.

Gmail will then add a token into Thunderbird, stored in same place as saved passwords. From then onwards gmail will use that token instead of the normal password. You will not need to enter passwords.

Diese Antwort im Kontext lesen 0
Zitieren
Matt
  • Top 10 Contributor
  • Moderator
3249 Lösungen 22394 Antworten
Veröffentlicht

most folks use oAth credentials rather than the rather inconvenient and cumbersome app password route.

I am assuming that the "open a web page with Google login" is an oauth login process, once completed a token is created that Thunderbird and Google use for a very long time. around six months I understand.

most folks use oAth credentials rather than the rather inconvenient and cumbersome app password route. I am assuming that the "open a web page with Google login" is an oauth login process, once completed a token is created that Thunderbird and Google use for a very long time. around six months I understand.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

Thanks. I need to look into oAth. To put this in context my missus has continual problems with her Gmail account being blocked as suspected unauthorised access. You maybe know what I mean, "Sign-in attempt was blocked. Someone just used your password to try to sign in to your account from a non-Google app.".

Google suggested 2-step and App Passwords as the solution, although they couldn't really explain why the problem kept recurring.

oAth may do the trick, if it only needs to be refreshed every six months or so that might be acceptable. Do you happen to know if it can be made to work with an iPhone as well?

On the otherhand App Passwords is what we use with Office 365 for some customers and it seems to work well enough in that context.

Thanks, Tony S

Thanks. I need to look into oAth. To put this in context my missus has continual problems with her Gmail account being blocked as suspected unauthorised access. You maybe know what I mean, "Sign-in attempt was blocked. Someone just used your password to try to sign in to your account from a non-Google app.". Google suggested 2-step and App Passwords as the solution, although they couldn't really explain why the problem kept recurring. oAth may do the trick, if it only needs to be refreshed every six months or so that might be acceptable. Do you happen to know if it can be made to work with an iPhone as well? On the otherhand App Passwords is what we use with Office 365 for some customers and it seems to work well enough in that context. Thanks, Tony S
Hat Ihnen das weitergeholfen?
Zitieren
Toad-Hall
  • Top 10 Contributor
1760 Lösungen 11838 Antworten
Veröffentlicht

Authentication Method: OAuth2 This works with Imap accounts.

Authentication Method: OAuth2 This works with Imap accounts.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

Cheers. Do I have to specifically tell Thunderbird it's OAuth2, or does it work it out for itself?

Cheers. Do I have to specifically tell Thunderbird it's OAuth2, or does it work it out for itself?
Hat Ihnen das weitergeholfen?
Zitieren
Toad-Hall
  • Top 10 Contributor
1760 Lösungen 11838 Antworten
Veröffentlicht

Ausgewählte Lösung

If you were creating a new imap gmail account then Thunderbird usually auto creates an imap account set up to use OAuth2.

Suggest you logon to webmail and remove the Two step authentication as you are no longer going to need it.

In Thunderbird If you have an account created already that is not using it, then you have to select it.

  • Right click on gmail imap mail account name in Folder Pane and select 'Settings'
  • select 'Server Settings'
  • Under 'Authentication Method' change to 'OAuth2'

then change the outgoing server info.

  • In left pane at the bottom select 'Outgoing server (SMTP)'
  • select the name of the gmail server
  • click on 'Edit'
  • Alter the Authentication Method to say 'OAuth2'
  • click on OK
  • click on OK

Restart Thunderbird. Gmail will then ask you to logon to confirm you really are you. Logon using normal password.

Gmail will then add a token into Thunderbird, stored in same place as saved passwords. From then onwards gmail will use that token instead of the normal password. You will not need to enter passwords.

If you were creating a new imap gmail account then Thunderbird usually auto creates an imap account set up to use OAuth2. Suggest you logon to webmail and remove the Two step authentication as you are no longer going to need it. In Thunderbird If you have an account created already that is not using it, then you have to select it. * Right click on gmail imap mail account name in Folder Pane and select 'Settings' * select 'Server Settings' * Under 'Authentication Method' change to 'OAuth2' then change the outgoing server info. * In left pane at the bottom select 'Outgoing server (SMTP)' * select the name of the gmail server * click on 'Edit' * Alter the Authentication Method to say 'OAuth2' * click on OK * click on OK Restart Thunderbird. Gmail will then ask you to logon to confirm you really are you. Logon using normal password. Gmail will then add a token into Thunderbird, stored in same place as saved passwords. From then onwards gmail will use that token instead of the normal password. You will not need to enter passwords.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

Thanks a million. I think it's starting to work now. I just fired up Thunderbird from cold and looked at the account properties, Authentication Method has changed to OAuth2 both under Server Settings and Outgoing SMTP.

Would it be reasonable to conclude that setting 2-step has forced this change, while the process you've described would set it manually?

Thanks a million. I think it's starting to work now. I just fired up Thunderbird from cold and looked at the account properties, Authentication Method has changed to OAuth2 both under Server Settings and Outgoing SMTP. Would it be reasonable to conclude that setting 2-step has forced this change, while the process you've described would set it manually?
Hat Ihnen das weitergeholfen?
Zitieren
Matt
  • Top 10 Contributor
  • Moderator
3249 Lösungen 22394 Antworten
Veröffentlicht

The setting toad told you to change made the change. It had nothing to do with Google.

BTW you might want to look at your anti virus product. Some offer a VPN service that they will tell you makes everything so much more secure. but VPN's have a habit of masking your location. Very popular with some folks that like to watch US TV shows when they are not in the US etc. Services like google that are looking for weird changes in location end up blocking their users, because they are logging in from all over the world. Australia one minute, the US a minute later etc.

The setting toad told you to change made the change. It had nothing to do with Google. BTW you might want to look at your anti virus product. Some offer a VPN service that they will tell you makes everything so much more secure. but VPN's have a habit of masking your location. Very popular with some folks that like to watch US TV shows when they are not in the US etc. Services like google that are looking for weird changes in location end up blocking their users, because they are logging in from all over the world. Australia one minute, the US a minute later etc.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

Sorry I maybe wasn't clear. When I checked I found it was already set to OAuth2, I didn't need to make the change. Now I think about it maybe that's Thunderbird's default now for Gmail, because when I setup the account on that installation I selected Gmail specifically.

Just for my research I'll try another installation specifying generic IMAP and see if the App Password works in that context.

Sorry I maybe wasn't clear. When I checked I found it was already set to OAuth2, I didn't need to make the change. Now I think about it maybe that's Thunderbird's default now for Gmail, because when I setup the account on that installation I selected Gmail specifically. Just for my research I'll try another installation specifying generic IMAP and see if the App Password works in that context.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

To complete the picture I did just that, on a new Thunderbird install I set up the same Gmail account but manually configuring it as a generic IMAP. In that context the App Password works.

The only further think to add is that I'm not sure about the suggestion to remove the 2-step verification. The whole point here is to make sure that nobody can access the account simply by knowing the password.

To complete the picture I did just that, on a new Thunderbird install I set up the same Gmail account but manually configuring it as a generic IMAP. In that context the App Password works. The only further think to add is that I'm not sure about the suggestion to remove the 2-step verification. The whole point here is to make sure that nobody can access the account simply by knowing the password.
Hat Ihnen das weitergeholfen?
Zitieren
Toad-Hall
  • Top 10 Contributor
1760 Lösungen 11838 Antworten
Veröffentlicht

If you are using 'Authentication Method: OAuth2', then you would not need the app specific password as gmail would use a token it applies and it uses token (a load of numbers and letters like a complicated password) instead of normal password. In this case you need to stop the two step verification.

If using 'Authentication Method: Normal Password' and you have set up to use two step verification, then you would use the app specific password instead of Normal Password. In this case you would need to keep the two step verification.

If you are using 'Authentication Method: OAuth2', then you would not need the app specific password as gmail would use a token it applies and it uses token (a load of numbers and letters like a complicated password) instead of normal password. In this case you need to stop the two step verification. If using 'Authentication Method: Normal Password' and you have set up to use two step verification, then you would use the app specific password instead of Normal Password. In this case you would need to keep the two step verification.
Hat Ihnen das weitergeholfen?
Zitieren

Fragesteller

Sorry to harp on but I still don't see why two step should be disabled when using OAuth2. I can see why from one point of view it's not needed, but if the original point is to prevent access to the account solely by password, then surely it's needed for that reason even if Oauth2 doesn't require it.

Sorry to harp on but I still don't see why two step should be disabled when using OAuth2. I can see why from one point of view it's not needed, but if the original point is to prevent access to the account solely by password, then surely it's needed for that reason even if Oauth2 doesn't require it.
Hat Ihnen das weitergeholfen?
Zitieren
Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.