Can retrieve mail from one pop server but not the other
All of a sudden, today 01/05/2016, Thunderbird ver. 38.5.0 won't retrieve email from pop.googlemail.com. It retrieves just fine from pop.centurylink.net.
In attempting to fix the problem, I have changed my gmail password (several times!!) via mail.google.com Settings/Change account settings/Change password. But then when I do Get Messages in Thunderbird, I get
"Sending of password for user [email protected] did not succeed. Mail server pop.googlemail.com responded: Web login required: https://support.google.com/mail/answer/78754"
Since I'm already logged in to my webmail, I click OK in Tbird. That gives me: "Login to server pop.googlemail.com failed."
So I click "Enter New Password" and get "Enter your password for [email protected] on pop.googlemail.com:". So I type in my "new" gmail password and I then get... ta-daaaa...
"Sending of password for user [email protected] did not succeed. Mail server pop.googlemail.com responded: Web login required: https://support.google.com/mail/answer/78754"
How do I fix Thunderbird so I can get my email from pop.googlemail.com?
Chosen solution
I am no expert on oauth2.0, but basically it adds a token to the authorization. First you send your username and password, Google replies with a token that has to be used in every request of the session to ensure the request is coming from your computer. Google say it is more secure. It might be. But anyone sophisticated enough to place themselves into the process to the point that they can piggy back your connection and run a man in the middle hack, is probably sophisticated enough to make about any data transfer insecure in some way.
Just as Microsoft storing backups of disk encryption keys on your one drive is less secure as it allows, if nothing else, a backdoor into your disk encryption to nosey governments. It does make recovering data from crashes disks easy, all that is needed is access to one drive.
Googles insistence on mail applications implementing what is essentially a web browser into the authorization process introduces risk. Mail developers are often not up on web developments and security, in the case of Thunderbird at this point we benefit from the Firefox developers in this area. But for others in is completely new ground. I think that may be why only Thunderbird has implemented it at this time. That implementation was fairly controversial with the developers as the discussion in the bug shows.
As for POP being different , yes it is. That is why I specifically mentioned IMAP.
Read this answer in context 👍 1All Replies (11)
And have you followed the steps in https://support.google.com/mail/answer/14257?rd=1. There is more there that just logging in using a browser.
I have followed those steps three (3) times.
Do you use the two factor authentication?
No, no two-factor.
FYI, Tbird was working just fine until this morning. I had made no changes to gmail but Tbird suddenly ceased being able to retrieve messages.
But only from gmail, NOT from embarqmail.com; the latter works just fine.
This is not Thunderbird problem, unless your password change has created one. Googles servers are rejecting login attempts and saying that a login with a browser is required. I think you need to ask them what the issue is.
When I tried logging in via Tbird this morning, the message from [email protected] said
"Hi Terry, Someone just tried to sign in to your Google Account [email protected] from an app that doesn't meet modern security standards."
Is this still looking like a Google issue?
On my google account I just now set to ON the setting for "Access for less secure apps". VOILA! Thunderbird now works.
Does that tell me that Tbird 38.5.0 really didn't/doesn't "meet modern security standards."?
Actually 38 offers oauth2.0 as an authentication method for IMAP mail accounts especially to shut the folk as Google up. It is a web authentication method, not an email one. No one but Google uses it and no other mail client I am aware of has caved in to the pressure and offered it.
But Google are trying to frighten folk into using their web interface, where Microsoft are just using proprietary modification on protocols and Apple as usual use obscurity to keep their customers home. It is far more about market share and eyes on advertising than anything security related.
AHA! So the problem is with both Tbird AND Google!
By the way, I use POP, not IMAP. Does that affect your explanation?
What and how am I at risk of by turning on "Access for less secure apps"? I don't use smartphones, iPads, tablets or anything else but my desktop and laptop (and I don't use Tbird on the laptop, just Firefox).
Chosen Solution
I am no expert on oauth2.0, but basically it adds a token to the authorization. First you send your username and password, Google replies with a token that has to be used in every request of the session to ensure the request is coming from your computer. Google say it is more secure. It might be. But anyone sophisticated enough to place themselves into the process to the point that they can piggy back your connection and run a man in the middle hack, is probably sophisticated enough to make about any data transfer insecure in some way.
Just as Microsoft storing backups of disk encryption keys on your one drive is less secure as it allows, if nothing else, a backdoor into your disk encryption to nosey governments. It does make recovering data from crashes disks easy, all that is needed is access to one drive.
Googles insistence on mail applications implementing what is essentially a web browser into the authorization process introduces risk. Mail developers are often not up on web developments and security, in the case of Thunderbird at this point we benefit from the Firefox developers in this area. But for others in is completely new ground. I think that may be why only Thunderbird has implemented it at this time. That implementation was fairly controversial with the developers as the discussion in the bug shows.
As for POP being different , yes it is. That is why I specifically mentioned IMAP.
the same problem receiving messages happened to me suddenly yesterday after an update to TBird 38.5.1- won't receive from pop3.vianet.ca and I get no error messages , just no messages ( I have several when I sign into my webmail with vianet.ca). I can send messages fine,
Modified