With the current version of Thunderbird, you can open the password store and edit passwords. Just double click on the offending item.

But the lack of a prompt has me thinking that your problem goes a bit deeper; maybe Thunderbird can't connect to the server. Why were you changing the password in the first place?

I have this problem as well. I changed all my email passwords because someone got a phishing email that purported to be from me. Two of my accounts asked me for a new password when the server connection failed. My Yahoo account just the following message, without a prompt for a new password.

"Sending of password for user bvlenci@yahoo.com did not succeed. Mail server pop.mail.yahoo.com responded: "

As you can see, there's nothing after the colon, so I don't know what the server responded.

Based on a response I read to a similar question (how to change passwords) I deleted the password for my Yahoo account, hoping that would cause the prompt to appear. Now I see this, above:

With the current version of Thunderbird, you can open the password store and edit passwords. Just double click on the offending item.

I'm not sure that the "password store" is where I deleted my Yahoo password, but in the Tools/options/security/passwords/saved passwords tab, Yahoo (the offending item) no longer exists, so I can't double click it.

I suppose I'll just have to delete and recreate the account.

I have this problem as well. I changed all my email passwords because someone got a phishing email that purported to be from me. Two of my accounts asked me for a new password when the server connection failed. My Yahoo account just the following message, without a prompt for a new password.

I think you could be a little more discerning about these messages. Have a copy forwarded to you and inspect its headers using ctrl+u. I'll wager that your email address appears as a text string, but the real sending address will be some far distant place in the world, and sent via an unknown server. A whois lookup of its IP address can tell you where the sender was located (and it has never in my experience been an address associated with any of my email providers.) In these cases, there is no reason to think that anyone has "hacked" your account; they have merely picked up your email address from somewhere on the 'net and inserted it into a message to gain a superficial appearance of you having sent it.

I really wish recipients of phishing message would look for these clues that the message is fake:

• shaky spelling and grammar;
• you don't do business with the organization who supposedly sent it;
• they don't use your full or correct name;
• links point to other sites (just hover with the mouse and look at the status bar).

Notwithstanding, given yahoo's lamentable security record and their lack of transparency, changing your password now and then might be a useful precaution. A better one (IMHO) would be to stop using yahoo at all.

I'm not sure that the "password store" is where I deleted my Yahoo password, but in the Tools/options/security/passwords/saved passwords tab, Yahoo (the offending item) no longer exists, so I can't double click it.

Yes, that was the password store.

As I commented to a previous poster, you likely have a problem connecting to the yahoo server. Maybe your firewall or antivirus, maybe you need to re-set the password at the yahoo site and look at the options for two-step authentication, application passwords and the like.

I suppose I'll just have to delete and recreate the account.

I really wish recipients of phishing message would look for these clues that the message is fake:

[ ... ]

I wasn't the recipient, but it was quite obvious to me and the recipient that it was fake. For the sake of simplification, I mentioned only one recipient, but there was another a few days later.

I looked at the headers of the first message, and didn't see my email address anywhere. The sender was apparently in Brazil (and the second sender was apparently in China). I didn't check the location of their IP addresses.

The first message used a nickname for the recipient which wouldn't have been casually picked up anywhere. I remembered seeing an address for this person (I thought in my Thunderbird address book) with this nickname, but now I can't find it. I may have deleted it, because it would have been a duplicate anyway. It could have got into "collected addresses" because several people who send regularly send emails both to recipient of the phishing attempt and to me use this nickname for him. In fact, I originally thought that the hack had been of one of their accounts, and I warned them, but the second message a few days later was to someone known to me, but not to them.

"As I commented to a previous poster, you likely have a problem connecting to the yahoo server. "

If you saw the error message from Yahoo, which I copied above, you'll see that it specifically mentioned that the password was wrong.

I use Yahoo only for correspondence with people or organizations that I don't want to have my "real" email addresses. I don't care much if it's hacked, apart from the problem that my address book could cause problems for other people.

Deleting and recreating my Yahoo account worked. But what I really wanted to know is why I didn't get a prompt to enter a new password, which is what should happen when the password is wrong. This is what's happened on Thunderbird every other time I've changed a password.

Error messages frequently report an incorrect password but in truth it means "we couldn't log you in for any one of a number of reasons." Security software blocking access to the server is a frequent cause of this.

However, in cases like yours, it seems to hint at a bug in Thunderbird; if clearing it down, setting it up again and using exactly the same credentials works, then that would appear to exonerate the server, your computer and any security software. There is anecdotal evidence that a failed attempt to set up an account in Thunderbird leaves some debris behind that interferes with a new clean start.

Clearing a couple of files associated with password storage often gets it all going again, but this is at the cost of having to re-enter all of your passwords. Sometimes re-installing the affected account is the lesser evil.