X
Нажмите здесь, чтобы перейти на мобильную версию сайта.

Форум поддержки

AT&T email technical support team tells me that Thunderbird (even 68) is not yet compatible with the oauth password security soon required..

esb
Размещено

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them.

My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included.

Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them. My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included. Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

Выбранное решение

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Прочитайте этот ответ в контексте 1
Цитата

Дополнительные сведения о системе

Приложение

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Дополнительная информация

Matt
  • Top 10 Contributor
  • Moderator
3249 решений 22397 ответов
Размещено

Выбранное решение

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ. So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo. So back to ATT In the mean time use a secure mail key using the instructions from the ATT web site [https://www.att.com/esupport/article.html#!/email-support/KM1240308?gsi=5aiozt here ] which I have copied below. Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T. * Go to [https://m.att.com/myatt/native/deepLink.html?action=Profile&appInstall=N Profile ]> Sign-in info. * Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.) * Scroll to Secure mail key and select Manage secure mail key. * If you have more than one email address, select the one you want to use. * Select Add secure mail key. * Enter a nickname for the secure mail key to make it easier to recognize. * Select Create secure mail key. * Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.) * For security purposes, the secure mail key only shows until you select OK. * If you lose or forget the secure mail key, you can create new secure mail keys as needed. * Select OK. * Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Помогла ли вам это? 1
Цитата
esb
Размещено

Задавший вопрос

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit.

You gave the only real explanation of this situation available anywhere for the *ordinary* reader.

Thanks again.

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit. You gave the only real explanation of this situation available anywhere for the *ordinary* reader. Thanks again.
Помогла ли вам это?
Цитата
mfraz2k 0 решений 1 ответов
Размещено

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor
Помогла ли вам это?
Цитата
Matt
  • Top 10 Contributor
  • Moderator
3249 решений 22397 ответов
Размещено

mfraz2k said

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand.

But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security.

Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body.

My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time.

In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.

''mfraz2k [[#answer-1255324|said]]'' <blockquote> This works, however "Keeper" password manager rates the provided Oauth "Key" as poor </blockquote> I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand. But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security. Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body. My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time. In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.
Помогла ли вам это?
Цитата
Задать вопрос

Для ответа на сообщения вы должны войти в свою учётную запись. Пожалуйста, задайте новый вопрос, если у вас ещё нет учётной записи.