Thunderbird does not use 2 step verification or "recognize" any email passwords. It provides the password that you previously saved or just entered to the mail server when asked for one. Gmail has a procedure to use 2 step verification where it generates an application specific password to use with email clients. I suggest you ask your email provider how to use their system.

I entered a valid password (the new one that works in Outlook; not a saved one). Outlook has a procedure to use 2-step verification, which works fine when I access Outlook directly, so I don't need to ask them how to use 'their system' as I know how to use it; I've just used it and it works, if you're with me. What doesn't seem to work is Thunderbird when I've set 2-step verification 'on' in Outlook. What I'm experiencing is that Thunderbird won't work with Outlook if 2-step verification is turned on. I turned it off and Thunderbird works (entering the new password). If I ask Microsoft, they'll just say, "Ask Mozilla!" If Thunderbird doesn't use 2-step verification, that's fine, but what it means to me is that I can't use Thunderbird any more.

Gmail has a method of making 2 step work with email clients as described above and they tell you how to use it in their gmail help documentation. I would imagine the Microsoft email does too. I will not argue with you about contacting your provider to see how to use their 2 step with clients. You seem to know it all already.

Aha! I think I've got your drift now. I missed the bit about Gmail working with clients (I read it as meaning the same as how I use Outlook itself; how I responded above). Ok, so I'll take a look through Outlook and see if I can find any info on a method of it working with Thunderbird as a client. Thanks.

You need to create and application password. one for each application that accesses the account.

See https://support.google.com/accounts/answer/185833?hl=en

Google two factor authentication and application passwords only work with Thunderbird where the account type is IMAP and the Authentication method is OAuth2.0. This is not a Thunderbird weakness, but a decision made by Google and forced on everyone.

Note that OAuth2.0 which they insist must be used is a browser authentication method. It has nothing to do with email. In many regards forcing email client to act as browsers, which they are not designed to do, is a far greater security risk that the problem the global giant was try to fix. SO now we have all these "browsers" developed by folk that know about email, but web browsers. A big thank you to the 10,000 pound gorilla in the room.

Fixed. Many thanks :-) The MS Outlook info is here: http://windows.microsoft.com/en-GB/windows/app-passwords-two-step-verification