The requirement to use or not use a password is something decided by the server administrator. At this time I am not aware of any mail server anywhere what does not require authentication. 20 or 30 years ago unauthenticated email was common, but spammers and hackers have seen an almost complete end to that.

Thunderbird password manager has remained largely unchanged for the past 20 or so years.. See https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-tb

Perhaps in the past you did not save the password so Thunderbird routinely asked you for it on some accounts. This is no longer an option with oAuth authentication which is the preferred method of outlook.com gmail yahoo and really most major mail providers. They consider it more secure, but remembering and entering an 11 or 14 digit key each time you need to authenticate that changes frequently is not really an option and oAuth does not actually tell you the key, it handles that internally and Thunderbird saves it in the password manager between sessions. So you can find it and delete it, but next usage will save a new key.

Thank you for considering my question. Perhaps I have misunderstood - it is Xfinity (comcast) that is requiring I enter BOTH a login password (which makes sense) AND a password for OUTBOUND / Sent email? If my T-bird account gets hacked and I'm using a primary password, aren't all my email providers / servers wide open? Can I enter/establish a DIFFERENT password for my outbound emails?

Thank you.

Thank you for considering my question. Perhaps I have misunderstood - it is Xfinity (comcast) that is requiring I enter BOTH a login password (which makes sense) AND a password for OUTBOUND / Sent email?

Yes

If my T-bird account gets hacked and I'm using a primary password, aren't all my email providers / servers wide open? Can I enter/establish a DIFFERENT password for my outbound emails? Thank you.

You would have to ask you mail provider. Apparently that is Ultimately Yahoo and they have required outgoing passwords for as long as I have had a Yahoo account that could send mail outside of the Yahoo website. Probably dating to around 2010 I would guess.

But let me put it this way. Knowing your email address, and it is hardly a secret, I could send mail from your providers server pretending to be you legitimately unless thay ask for credentials. This is not about hacking, this is about the sender proving they have a legitimate right to send mail using that email address on that server. To not require authentication would make the server an open relay. I will point you to Wikipedia to explain what that is and why it is a horrible idea. https://en.wikipedia.org/wiki/Open_mail_relay

You apparently think for some reason that Xfinity did not require a password and that something new is being asked of you. Xfinity always required a sending password. Thunderbird may have memorized it when you sent your first email, but you could not send mail from an xfinity account without authentication ever. I would suggest you read the support pages at Xfinity for information on the requirement https://www.xfinity.com/support/articles/email-client-programs-with-xfinity-email

Perhaps this misunderstanding is derived from the concept of logging in. You do not do it when you open Thunderbird and that grants you access to everything comcast/xfinity regarding email until you close Thunderbird like is the experience on their website. It happens multiple times in most sessions. When you open Thunderbird it immediately reaches out to get your new mail. That is the default and it authenticates with the incoming mail server either mail.comcast.net for pop mail accounts or imap.comcast.net for IMAP mail accounts. Once the new mail is collected the program signs off from the server. That session is done. 15 minutes or so latter(depending on user settings in account settings, Thunbird again signs into the server to get any new mail that has arrived for that account. When you click send, Thunderbird authenticates with the outgoing mail server smtp.comcast.net and asks to submit mail for delivery. Once that is completed then Thunderbird signs out from the server, until there is a need to send more mail.

The new xfinity arrangement with Yahoo changes that in so much as the servers names are changed, and the authentication method also goes to oAuth with uses a token supplied by the server instead of your password at each connection. With oAuth, Thunderbird never actually knows your real password. It is entered in the initial authentication process where you grant Thunderbird access to your mail but it is not saved at all. Instead of the password being saved the token provided by Yahoo is saved and used instead of your password until Yahoo decides the token requires you to validate your continued acquiescence to Thunderbird accessing your mail by forcing a new permission. that might be years from now (my experience) or a matter of hours from the permission, depending on your use of VPN products and use of public internet connection points and you movements but that is decided entirely by Yahoo. Thunderbird gets no say when the token provided revokes the permission, other than to walk you through the permission process again.

just to attempt clarity. Your "Thunderbird account" can only be hacked if your local machine is compromised as Thunderbird stores no information at all anywhere but on your local machine, or in the case of Mobile, on your phone.

You do not have a "Thunderbird account" as suc,h in the way I feel you are thinking of it, like you have a Facebook or eBay account. You have a collection of files on your local machine which stores information about your mail accounts, authentication protocols and your mail. There is no web presence to be hacked. See https://support.mozilla.org/en-US/kb/profiles-where-thunderbird-stores-user-data

Matt Thank you. Much appreciated.

Greg