NEW! Update to secure PKCE authentication settings, March 2026

You have only one account

If you have only one account, then no change is needed in Thunderbird for PKCE to work. You just log in ("authenticate") by providing your email account and account password (App passwords do not work with OAuth2), and then confirm that Thunderbird may access data on the provider's servers (AOL, ATT, Yahoo, etc). This is a normal and safe process. If you have difficulty, please see Detailed Troubleshooting Steps below.

You have more than one account

OAuth2 Authorization

OAuth2 is the default for accessing Yahoo provided services (and partner providers like AOL and ATT). The partner provider (not Thunderbird) presents you first with their OAuth2 dialog to confirm your account name and password, followed by their dialog to authorize which data types Thunderbird will be permitted to use.

An access token sent from your provider (a string of characters, not your password) is then stored in Thunderbird's password store to allow future access to the server. Tokens eventually expire, at which time you must again provide your account information with password. If you do not know your password, then you must use your provider's account pages in a web browser to create a new password, often called a "password reset".

This authentication setting is automatically configured in Thunderbird Account Settings on first access for both sending and receiving email, and for accessing calendars and contacts in the respective settings of Thunderbird. OAuth2 also requires javascript and cookies, which are enabled by default in Thunderbird.

Mail Settings

POP

Refer to Yahoo's help page for POP access settings and instructions for Yahoo Mail.

IMAP

Refer to Yahoo's help page for IMAP server settings for Yahoo Mail.

My sign-in attempt was prevented

If you get the Username or password invalid warning and the Sign-in attempt prevented email when you try to connect your Yahoo Mail with Thunderbird, Yahoo has blocked Thunderbird from connecting because it's a "less secure" non-Yahoo app.
Update: please read section Important Changes to Authentication Method Notice below.

In Thunderbird version 68.5 and up, you can change the POP server to pop.mail.yahoo.com (port 995).

Important Changes to Authentication Method Notice

If you currently have a POP or IMAP mail account in Thunderbird and receive an email from Yahoo that says:
"We’ve noticed that you’re using non-Yahoo applications (such as third-party email,calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, Yahoo will no longer support the current sign-in functionality in your application starting on 20 October 2020."

Check Thunderbird has cookies enabled.

1. Click Thunderbird app menu ☰ > Settings > Privacy & Security.
2. Tick ✓ Accept cookies from sites.
3. Click Exceptions… next to Accept cookies from sites to make sure you are not blocking cookies from sites such as yahoo.com, aol.com or att.com.

Update the 'Authentication Method' for the POP3 or IMAP mail account.

1. Click Thunderbird app menu ☰ > Account Settings
2. Click on the mail account name in the left sidebar for example nemo@thunderbird.net.
3. Bottom right: click on Edit outgoing server....
4. Set Authentication Method to OAuth2.
5. Click OK.
6. Click on Server Settings in the left sidebar for your mail account.
7. Set Authentication Method to OAuth2.
8. Click on OK.

Exit Thunderbird.
Wait a few moments for background process to complete.
Start Thunderbird.

Then there will be a prompt from your Yahoo ISP partner to login. This is done with an OAuth 2.0 key exchange in Thunderbird which will authenticate the Thunderbird client in future logins.

Import Yahoo's Contact List to Thunderbird

1. Open your Yahoo Mail account.
2. On the right side of the screen (left if you are using the "classic mail"), select the Contacts icon. Your contact list will open.
3. At the top of the list, click the Actions menu.
4. In the menu, select Export....
5. Select Netscape/Thunderbird and click Export Now.
6. Save the yahoo_contacts.ldif file to your desktop or some other place where you can find it later.
7. Open Thunderbird.
8. Under Tools, select Import and then Address Books.
9. Select Text file (LDIF, .tab, .csv, .txt), then click Next.
10. Select the yahoo_contacts.ldif file that you previously saved.
11. Your Yahoo! contacts will be imported as a separate yahoo_contacts address book.

Calendar

To configure the Thunderbird calendar with your Yahoo Calendar, follow the instructions at the page Sync or access your calendar on multiple devices and applications on the Yahoo support site.

Detailed Troubleshooting Steps

Please check the following before asking for support

1. With the password that failed when logging in when using Thunderbird, can you log in to your mail provider’s web interface (webmail)? If you are unable to log in to webmail, then the password is either not an account password or is no longer valid. The easiest way to solve this problem is to reset the account password using your provider’s website.
2. Cookies must be enabled in Thunderbird: ≡ > Settings > Privacy & Security > Accept cookies from sites must be checked.
3. Can you see the entire OAuth2 dialog panel (no action buttons are missing)? And no OAuth2 dialogs are hidden behind what you currently see?
4. Are you in the country in which you normally use the account, and not using a VPN?
5. Is the authentication method in ≡ > Account Settings > Server Settings set to OAuth2 for all AOL, ATT, and Yahoo accounts?

How to ask for support

If you are still having trouble, please post a support request at: https://support.mozilla.org/questions/new/thunderbird with:

• Thunderbird version number. For example 148.0, 140.8.0esr, 149.0b1.
• List of all your mail providers. For example: ATT, AOL, Yahoo, etc.
• List all the steps you tried to resolve the issue, and please confirm you have checked everything in the Please check the following before asking for support section above.
• Screen shots showing the failed attempts or the exact error message from your mail provider.