X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

ஆதரவு மன்றம்

AT&T email technical support team tells me that Thunderbird (even 68) is not yet compatible with the oauth password security soon required..

  • 9 replies
  • 2 இந்த பிரச்னைகள் உள்ளது
  • Last reply by wmem
esb
பதிவிடப்பட்டது

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them.

My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included.

Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

I assume this to be true since I spent the afternoon going up three levels of *escalation* on a live call to get the answer from them. My questions are: 1) Why would Thunderbird not yet (September, 2019) be compatible with the oauth password security system required by a major US email provider? When, if ever, is this omission going to be addressed and included. Using the only available workaround they offer for non-compliant insecure email clients, called a *secure mail key,* is not really a very modern solution to an internal inherent security flaw in a software program.

தீர்வு தேர்ந்தெடுக்கப்பட்டது

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Read this answer in context 2

Additional System Details

பயன்பாடு

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

கூடுதல் தகவல்

Matt
  • Top 10 Contributor
  • Moderator
3421 தீர்வுகள் 23741 பதில்கள்
பதிவிடப்பட்டது

தீர்வு தேர்ந்தெடுக்கப்பட்டது

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ.

So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo.

So back to ATT


In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below.

Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.

  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ. So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo. So back to ATT In the mean time use a secure mail key using the instructions from the ATT web site [https://www.att.com/esupport/article.html#!/email-support/KM1240308?gsi=5aiozt here ] which I have copied below. Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T. * Go to [https://m.att.com/myatt/native/deepLink.html?action=Profile&appInstall=N Profile ]> Sign-in info. * Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.) * Scroll to Secure mail key and select Manage secure mail key. * If you have more than one email address, select the one you want to use. * Select Add secure mail key. * Enter a nickname for the secure mail key to make it easier to recognize. * Select Create secure mail key. * Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.) * For security purposes, the secure mail key only shows until you select OK. * If you lose or forget the secure mail key, you can create new secure mail keys as needed. * Select OK. * Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
esb
பதிவிடப்பட்டது

கேள்வியின் உரிமையாளர்

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit.

You gave the only real explanation of this situation available anywhere for the *ordinary* reader.

Thanks again.

Thanks, Matt, at least the AT&T gang has now gone to all alpha from all numeric in their keys. That helps quite a bit. You gave the only real explanation of this situation available anywhere for the *ordinary* reader. Thanks again.
mfraz2k 0 தீர்வுகள் 1 பதில்கள்
பதிவிடப்பட்டது

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor
Matt
  • Top 10 Contributor
  • Moderator
3421 தீர்வுகள் 23741 பதில்கள்
பதிவிடப்பட்டது

mfraz2k said

This works, however "Keeper" password manager rates the provided Oauth "Key" as poor

I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand.

But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security.

Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body.

My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time.

In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.

''mfraz2k [[#answer-1255324|said]]'' <blockquote> This works, however "Keeper" password manager rates the provided Oauth "Key" as poor </blockquote> I have never heard of keeper. But It is really irrelevant here anyway. ATT / Yahoo have a method. If you don't use it you use web mail. So if you really with to address the issue take it to ATT or Yahoo. This discussion is about fitting in with their demands, not about th security of what they demand. But keep in mind that folks will also tell you not to write down your passwords. But at home, whom else but you is going to be seeing them? Burglars are not the kinds of people interested in your cyber security. Yet others warn about the risks of opening a suspicious email. That was good advice 20 years ago when we were all using Microsoft outlook or outlook express and it excelled at executing the malware in the message body. Not so much now when products like Thunderbird do not execute scripts in the message body. My point is the product might be offering good advice, or it might be offering advice that is biased to improving it's apparent usefulness. It might be repeating less correct information with an agenda. Anti virus products do it all the time. In the end analysis. You either do it the ATT way or don't get your mail except in a web browser.
BillMc 0 தீர்வுகள் 1 பதில்கள்
பதிவிடப்பட்டது

உதவிகரமான பதில்

After reading solutions from several different forums I discovered this: https://getmailspring.com/setup/access-att-net-via-imap-smtp.

Essentially, all I had to do was to change the AT&T servers to be the Yahoo servers. In the security settings I chose SSL/TLS and OAuth2.

The first time connecting, Yahoo propmted me for my AT&T username and password. I provided the information and received a confirmation email from Yahoo, indicating a new device had logged in. After that, Thunderbird is working as it used to, without the need for the secure mail key.

After reading solutions from several different forums I discovered this: https://getmailspring.com/setup/access-att-net-via-imap-smtp. Essentially, all I had to do was to change the AT&T servers to be the Yahoo servers. In the security settings I chose SSL/TLS and OAuth2. The first time connecting, Yahoo propmted me for my AT&T username and password. I provided the information and received a confirmation email from Yahoo, indicating a new device had logged in. After that, Thunderbird is working as it used to, without the need for the secure mail key.
Matt
  • Top 10 Contributor
  • Moderator
3421 தீர்வுகள் 23741 பதில்கள்
பதிவிடப்பட்டது

BillMc said

Essentially, all I had to do was to change the AT&T servers to be the Yahoo servers. In the security settings I chose SSL/TLS and OAuth2.

It is such a shame ATT do not understand oAuth and don't get their own authentication key for oAth as Yahoo says they need to.

''BillMc [[#answer-1261499|said]]'' <blockquote> Essentially, all I had to do was to change the AT&T servers to be the Yahoo servers. In the security settings I chose SSL/TLS and OAuth2. </blockquote> It is such a shame ATT do not understand oAuth and don't get their own authentication key for oAth as Yahoo says they need to.
path227 0 தீர்வுகள் 1 பதில்கள்
பதிவிடப்பட்டது

What do you do when none of this works? I have att/yahoo mail and use thunderbird, have for many years. It's always worked until the 'secure mail key' update. I now haven't received my email for 6 days, I've updated the secure mail key, changed the password in thunderbird, spent hours on the phone with att. Maybe I'm not changing all the passwords I need to change but I can't find but one place to change the password. Do I need to change it for both inbound and outbound email? Where do I change the password other than the one place listed here? What about my yahoo password that I used before the secure mail key? Does it just go away? I still need it to get into yahoo. I'm lost and confused and can't figure out how to fix this.

What do you do when none of this works? I have att/yahoo mail and use thunderbird, have for many years. It's always worked until the 'secure mail key' update. I now haven't received my email for 6 days, I've updated the secure mail key, changed the password in thunderbird, spent hours on the phone with att. Maybe I'm not changing all the passwords I need to change but I can't find but one place to change the password. Do I need to change it for both inbound and outbound email? Where do I change the password other than the one place listed here? What about my yahoo password that I used before the secure mail key? Does it just go away? I still need it to get into yahoo. I'm lost and confused and can't figure out how to fix this.
terry.mc1 0 தீர்வுகள் 1 பதில்கள்
பதிவிடப்பட்டது

All att.net email users should have changed to yahoo mail server settings. att.net servers have had problems for multiple years.

The imap settings are:

Att.net (AT&T) IMAP Server imap.mail.yahoo.com IMAP port 993 IMAP security SSL / TLS

Att.net (AT&T) SMTP Server smtp.mail.yahoo.com SMTP port 465 SMTP security SSL / TLS

Select (right click) the email account,then "Settings" Choose "Server Settings", in "Security Settings" choose OAuth2 from the "Authentication method" drop down. Click OK

Click on "Get Messages" to activate a login attempt. You will be prompted to sign into your att account. Once completed, yahoo will send an email stating: "Your Yahoo account abcde@att.net was used to sign in to a new third party application on thunderbird.

This will complete the process.


Matt said

Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ. So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo. So back to ATT In the mean time use a secure mail key using the instructions from the ATT web site here which I have copied below. Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T.
  • Go to Profile > Sign-in info.
  • Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)
  • Scroll to Secure mail key and select Manage secure mail key.
  • If you have more than one email address, select the one you want to use.
  • Select Add secure mail key.
  • Enter a nickname for the secure mail key to make it easier to recognize.
  • Select Create secure mail key.
  • Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)
  • For security purposes, the secure mail key only shows until you select OK.
  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.
  • Select OK.
  • Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.)
All att.net email users should have changed to yahoo mail server settings. att.net servers have had problems for multiple years. The imap settings are: Att.net (AT&T) IMAP Server imap.mail.yahoo.com IMAP port 993 IMAP security SSL / TLS Att.net (AT&T) SMTP Server smtp.mail.yahoo.com SMTP port 465 SMTP security SSL / TLS Select (right click) the email account,then "Settings" Choose "Server Settings", in "Security Settings" choose OAuth2 from the "Authentication method" drop down. Click OK Click on "Get Messages" to activate a login attempt. You will be prompted to sign into your att account. Once completed, yahoo will send an email stating: "Your Yahoo account abcde@att.net was used to sign in to a new third party application on thunderbird. This will complete the process. ''Matt [[#answer-1254057|said]]'' <blockquote> Perhaps you could ask ATT what their oAuth private key is. Thunderbird can not support oAuth for ATT because they don't have a key. They think the Yahoo one should be used. Except yahoo begs to differ. So the Thunderbird folks are between a rock and a hard place. Thunderbird can not implement the mess they are making because it breaks the oAuth standard, or at least hat was what the Yahoo reps said when we implemented Yahoo. So back to ATT In the mean time use a secure mail key using the instructions from the ATT web site [https://www.att.com/esupport/article.html#!/email-support/KM1240308?gsi=5aiozt here ] which I have copied below. Learn how to create a secure mail key from your mobile device, tablet, or computer. Have your User ID and password ready to sign in to myAT&T. * Go to [https://m.att.com/myatt/native/deepLink.html?action=Profile&appInstall=N Profile ]> Sign-in info. * Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.) * Scroll to Secure mail key and select Manage secure mail key. * If you have more than one email address, select the one you want to use. * Select Add secure mail key. * Enter a nickname for the secure mail key to make it easier to recognize. * Select Create secure mail key. * Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.) * For security purposes, the secure mail key only shows until you select OK. * If you lose or forget the secure mail key, you can create new secure mail keys as needed. * Select OK. * Go to your preferred email app and replace the existing password with your secure mail key. (For an IMAP account, delete the existing password for both the IMAP and SMTP servers and replace them with your secure mail key.) </blockquote>
wmem 0 தீர்வுகள் 1 பதில்கள்
பதிவிடப்பட்டது

I am still utilizing att.net server settings and have not had any issues to date. Was something changed in later releases of Thunderbird that negated this issue or has it just not caught up with me yet?

I am still utilizing att.net server settings and have not had any issues to date. Was something changed in later releases of Thunderbird that negated this issue or has it just not caught up with me yet?