X
Bakstelėkite čia, kad pereitumėte į mobiliąją šios svetainės versiją.

Pagalbos forumas

AT&T email technical support team tells me that Thunderbird (even 68) is not yet compatible with the oauth password security soon required..

esb
Paskelbta

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them.

My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included.

Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them. My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included. Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

Chosen solution

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Skaityti atsakymą kartu su kontekstu 1
Citata
Matt
  • Top 10 Contributor
  • Moderator
Sprendimų: 3249 Atsakymų: 22397

Chosen Solution

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ. So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo. So back to ATT In the mean time use a secure mail key using the instructions from the ATT web site [https://www.att.com/esupport/article.html#!/email-support/KM1240308?gsi=5aiozt here ] which I have copied below. Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T. * Go to [https://m.att.com/myatt/native/deepLink.html?action=Profile&appInstall=N Profile ]> Sign-in info. * Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.) * Scroll to Secure mail key and select Manage secure mail key. * If you have more than one email address, select the one you want to use. * Select Add secure mail key. * Enter a nickname for the secure mail key to make it easier to recognize. * Select Create secure mail key. * Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.) * For security purposes, the secure mail key only shows until you select OK. * If you lose or forget the secure mail key, you can create new secure mail keys as needed. * Select OK. * Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Was this helpful to you? 1
Citata

Klausimą uždavęs asmuo

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit.

You gave the only real explanation of this situation available anywhere for the *ordinary* reader.

Thanks again.

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit. You gave the only real explanation of this situation available anywhere for the *ordinary* reader. Thanks again.
Was this helpful to you?
Citata
mfraz2k Sprendimų: 0 Atsakymų: 1

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor
Was this helpful to you?
Citata
Matt
  • Top 10 Contributor
  • Moderator
Sprendimų: 3249 Atsakymų: 22397

mfraz2k said

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand.

But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security.

Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body.

My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time.

In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.

''mfraz2k [[#answer-1255324|said]]'' <blockquote> This works, however "Keeper" password manager rates the provided Oauth "Key" as poor </blockquote> I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand. But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security. Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body. My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time. In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.
Was this helpful to you?
Citata
Užduoti klausimą

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.