Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Google notice, Thunderbird not secure

  • 5 replies
  • 1 has this problem
  • 26 views
  • Last reply by jaseins

more options

Google says the following when I authenticate my Thunderbird app (MAC OS) to send and receive (IMAP/SMTP) Gmail messages. Is Google correct or mistaken about Thunderbird not being secure? Thank you

"Less secure app blocked Google blocked the app you were trying to use because it doesn't meet our security standards. Some apps and devices use less secure sign-in technology, which makes your account more vulnerable. You can turn off access for these apps, which we recommend, or turn on access if you want to use them despite the risks. Google will automatically turn this setting OFF if it's not being used."

All Replies (5)

more options

You shouldn't get any warnings if the authentication on the incoming and outgoing servers is OAuth2. If it isn't, change to OAuth2, accept cookies in TB Preferences/Privacy & Security, remove passwords from Saved Passwords, restart TB, enter the account password in the OAuth window when prompted.

more options

I'm sorry about my third grade level but it is not clear to me how to do the oath2 and the step by step setups approach my level of ignorance. E.g. https://www.lifewire.com/gmail-access-thunderbird-1173150#how-to-configure-your-gmail-account

As it turns out, my password box in thunderbird has an address string that includes oath2 and if it is specific to incoming or outgoing then I'm unable to discern (see attached).

I'm not clear about where to do the first step of the recommendation you shared, i.e. "If it isn't, change to OAuth2". If "it" is a setting in the thunderbird preferences I don't see it.

What do you advise?

Thank you

more options

Postscript: The problem is only getting the app to recognize Gmail password for outgoing (SMTP), incoming (IMAP) is working fine.

more options

The authentication on the outgoing server must also be OAuth2. Tools/Account Settings, Outgoing Server (SMTP) at the bottom of the left pane. The outgoing server will (should) use the same oauth token that is already stored in Saved Passwords.

more options

Thunderbird accesses Gmail with less secure app access turned on.

What I don't understand is what Thunderbird version is new enough to not require it by Google's standards: https://support.mozilla.org/en-US/questions/1353059

I'm not ready for 91.2 right now.