Prompted to change password encryption; is someone trying to steal my password?
Recently, when opening Thunderbird, I got the following error message:
"The IMAP server (server name) does not seem to support encrypted passwords. If you just set up the account, please try changing to 'Password, transmitted insecurely' as the 'Authentication method' in the 'Account Settings | Server settings'. If it used to work and now suddenly fails, this is a common scenario how someone could steal your password."
Based on an answer to a similar post in another forum, I changed the Connection security from "None" to "SSL/TLS" and the Authentication method from "Encrypted password" to "Password". Everything seems to work now, but I didn't change the port, as prompted in the post.
I'm not familiar with how encryption works, so my first question is this:
- Does the choice of port have any meaning to ensure that my email traffic, or at least the password, is encrypted?
Also, since it used to work before, I'm worried that someone is trying to steal my password. However, I can't understand from the error message how this would be an attempt to steal my password.
- Can someone explain what kind of attack would render the error message above, to give me an understanding of how to protect myself? I.e. have I done something wrong, what weaknesses would have been exploited in this case etc.
Chosen solution
Does the choice of port have any meaning to ensure that my email traffic, or at least the password, is encrypted?
Yes, with Connection security "None" port 143 is used, and all email traffic to and from the IMAP server is in the clear, including your password. With Connection security "SSL/TLS" port 993 is used, and all email traffic to and from the IMAP server is encrypted, including your password. So this is what you want.
Few, if any, email providers use "Encrypted password" as Authentication method. In connection with SSL/TLS typically "Normal password" authentication is used. More and more email providers such as Google, AOL, and Yahoo are using "OAuth2" authentication.
Can someone explain what kind of attack would render the error message above, to give me an understanding of how to protect myself?
I don't know. It isn't clear to me who or what generated the error. Wrt protecting yourself, always use a strong password, ideally one generated with a password manager.
I.e. have I done something wrong, what weaknesses would have been exploited in this case etc.
Don't use Connection security "None". If an email provider doesn't support TLS, then find another provider.
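As an added illustration of the port and authentication-method points above (example code written for this answer, not from the thread, from Thunderbird, or from any provider), the Python below classifies a Thunderbird account configuration against the CAPABILITY line an IMAP server returns: it shows when the password crosses the wire in the clear, whether the configured port matches the chosen connection security, and the condition behind the "does not seem to support encrypted passwords" message. It assumes that Thunderbird's "Encrypted password" method corresponds to the CRAM-MD5 SASL mechanism, goes beyond the answer by also handling STARTTLS, and the CAPABILITY lines used for checking are constructed, not captured from a real server.

```python
import imaplib
import ssl

# Thunderbird's "Encrypted password" method is a challenge-response SASL
# mechanism (assumed here to be CRAM-MD5); the server has to advertise it.
ENCRYPTED_PASSWORD_MECHS = {"AUTH=CRAM-MD5"}
# Port each Thunderbird "Connection security" setting is expected to use.
EXPECTED_PORT = {"None": 143, "STARTTLS": 143, "SSL/TLS": 993}


def parse_capabilities(line: str) -> set:
    """Turn '* CAPABILITY IMAP4rev1 AUTH=PLAIN ...' into a set of tokens."""
    tokens = line.strip().split()
    if tokens[:2] == ["*", "CAPABILITY"]:
        tokens = tokens[2:]
    return {t.upper() for t in tokens}


def assess(security: str, auth_method: str, port: int, capability_line: str) -> dict:
    """Report how the password travels and whether the server supports the
    configured authentication method, given the CAPABILITY line the server
    returned on this connection."""
    caps = parse_capabilities(capability_line)
    # SSL/TLS encrypts from the first byte; STARTTLS only if the server offers it.
    encrypted_link = security == "SSL/TLS" or (security == "STARTTLS" and "STARTTLS" in caps)
    if auth_method == "Encrypted password":
        supported = bool(caps & ENCRYPTED_PASSWORD_MECHS)
    else:  # "Password": plain LOGIN / AUTH=PLAIN, refused when LOGINDISABLED is advertised
        supported = "LOGINDISABLED" not in caps
    return {
        "traffic_encrypted": encrypted_link,
        # The raw password crosses the wire only with "Password" on an unencrypted link.
        "password_in_clear": (not encrypted_link) and auth_method == "Password",
        "port_matches_security": port == EXPECTED_PORT.get(security),
        "auth_method_supported": supported,
        # The condition behind Thunderbird's "does not seem to support encrypted passwords" message.
        "encrypted_password_error": auth_method == "Encrypted password" and not supported,
    }


def fetch_capability_line(host: str, port: int = 993) -> str:
    """Live check over SSL/TLS with certificate verification (needs network access)."""
    ctx = ssl.create_default_context()
    with imaplib.IMAP4_SSL(host, port, ssl_context=ctx) as conn:
        typ, data = conn.capability()
        return b" ".join(data).decode()
```

Feed `assess()` the line from `fetch_capability_line()` for your own provider to see which of the five findings apply to your current settings.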
Thank you christ1 for your detailed answer. It helped me ask the right questions when reaching out to my email provider.