I'm assuming you are using up to date version of Thunderbird. Do not use 2 step verification.

I'm supplying full info just in case someone locates this question and needs full info. This info works for both POP and IMAP mail accounts.

Do this: Enable cookies:

• Menu app icon > Preferences > Privacy & Security

Under WEb Content

• Select checkbox: 'Accept cookies from sites'

Then change authentication:

• Right click on gmail pop/imap account name in Folder Pane and select 'Settings'

This opens the Account Settings in new tab The pop/imap account name is selected Look bottom right for Outgoing Server (SMTP)

• Click on 'Edit Server _SMTP' button
• Set Authentication Method : OAuth2
• Make sure user name is full gmail address
• Click on OK

• select 'Server Settings'
• Set Authentication Method : OAuth2
• Make sure user name is full gmail address

• Exit Thunderbird and wait a few moments for background processes to complete
• Start Thunderbird

Gmail will prompt you to enter gmail email address and normal password you use to access webmail account. Follow instructions. It will ask this to allow Thunderbird to access server.

An Oauth token will get stored in Thunderbird - same place as passwords and from then onwards Thunderbird will use it to access server.

Thunderbird has now set up Thunderbird to use the method that gmail prefers = OAuth2, so it no longer uses 'less secure apps' as gmail call it. Whilst this has been available for Imap accounts for quite a while, it is now also available for pop accounts as well.

You do not need to wait for the deadline, it can be done now.