How to disable password manager for googlemail account.
I am using a software to keep and manage my passwords I do not want any more Thunderbird to handle any password including google ones. I receive alerts everywhere from google telling me that something bad is happening. I just do not trust google and mozilla to handle my passwords. It is a matter of privacy I do not want this service why is it impossible to get rid of it? Thanks
Выбранное решение
With OAuth2 authentication no actual passwords are stored in the Thunderbird password manager. What's stored is an authentication token. The token expires after some time, then you'll see a new Google login prompt. If you don't allow Thunderbird to remember this authentication token, your device (Thunderbird) isn't recognized by Google upon the next login, hence you get the Google alerts. So I think what you do see is actually a Google security feature, not a Thunderbird problem.
Instead of using OAuth2 authentication, you could use app passwords for Thunderbird. However, if you don't let Thunderbird remember those, you'd need to generate a new app password for every new login, which sounds even worse.
Therefore I'd simply let Thunderbird remember the OAuth2 token. OAuth2 is the only authentication method considered 'secure' by Google.
Прочитайте этот ответ в контексте 👍 1Все ответы (4)
I receive alerts everywhere from google telling me that something bad is happening.
What alerts exactly?
What is your account type - POP or IMAP?
Is 2-step authentication turned on for the Google account? If so, have you created app passwords for Thunderbird?
Have you turned on OAuth2 authentication for the the incoming and outgoing server of the Gmail account?
Concerning the alerts 2 types of mails in thunderbird: Sorry in french Type 1
==
Votre compte ****.****@****.fr est indiqué comme adresse e-mail de récupération pour le compte ****.****@gmail.com. Vous ne reconnaissez pas ce compte ? Cliquez ici Google Provider for Google Calendar a désormais accès à votre compte Google associé ****.****@gmail.com
Si vous n'êtes pas à l'origine de cette autorisation, nous vous conseillons de vérifier cette activité et de sécuriser votre compte. Consulter l'activité
Type 2
==
Votre compte ****.****@****.fr est indiqué comme adresse e-mail de récupération pour le compte ****.****@gmail.com. Vous ne reconnaissez pas ce compte ? Cliquez ici Google Mozilla Thunderbird Email a désormais accès à votre compte Google associé ****.****@gmail.com
Si vous n'êtes pas à l'origine de cette autorisation, nous vous conseillons de vérifier cette activité et de sécuriser votre compte. Consulter l'activité
Plus equivalent alerts on my phone
my mailserver is IMAP
Yes 2 step authentication
Yes OAuth2 is activated
the problem exists only for gmail there is no problem for other mail servers
Выбранное решение
With OAuth2 authentication no actual passwords are stored in the Thunderbird password manager. What's stored is an authentication token. The token expires after some time, then you'll see a new Google login prompt. If you don't allow Thunderbird to remember this authentication token, your device (Thunderbird) isn't recognized by Google upon the next login, hence you get the Google alerts. So I think what you do see is actually a Google security feature, not a Thunderbird problem.
Instead of using OAuth2 authentication, you could use app passwords for Thunderbird. However, if you don't let Thunderbird remember those, you'd need to generate a new app password for every new login, which sounds even worse.
Therefore I'd simply let Thunderbird remember the OAuth2 token. OAuth2 is the only authentication method considered 'secure' by Google.
Many thanks for clear and detailed answer. I'll keep the token in thunderbird then.
The fact that the token is stored under the passwords is rather confusing but I suppose that everybody is not as paranoïd as me.
Thanks again.