Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

secure key

  • 2 replies
  • 3 have this problem
  • 1 view
  • Last reply by user700204

more options

AT&T says that Thunderbird isn't going to be able to access my account, because it won't do OAuth2 on my AT&T account (it will on my Gmail account ...). So I am told to use another e-mail client OR get a secure key. Um, "secure key"? So I get a secure key, using their secure key generator, which is 16 alphameric characters. I am told to access my AT&T account using Thunderbird using this secure key as a password. OK, I did that, and it seems to work.

But what the hell have I done? I just changed my password (to a much longer and quite unmemorable one). What makes this new password "secure", when my old password wasn't? This makes no sense at all.

Also, why if Thunderbird can do OAuth2 on Gmail, can't it do it on AT&T mail??

AT&T says that Thunderbird isn't going to be able to access my account, because it won't do OAuth2 on my AT&T account (it will on my Gmail account ...). So I am told to use another e-mail client OR get a secure key. Um, "secure key"? So I get a secure key, using their secure key generator, which is 16 alphameric characters. I am told to access my AT&T account using Thunderbird using this secure key as a password. OK, I did that, and it seems to work. But what the hell have I done? I just changed my password (to a much longer and quite unmemorable one). What makes this new password "secure", when my old password wasn't? This makes no sense at all. Also, why if Thunderbird can do OAuth2 on Gmail, can't it do it on AT&T mail??

Chosen solution

TB currently supports OAuth2 authentication for gmail, AOL, Yahoo, Yandex, and possibly a few others. Support depends on cooperation between the mail provider and TB, and the process of establishing it is different for each one - it's not just a matter of providing an option in TB.

As for the secure mail key, I think its level of security is due to the length and mix of characters - which is more secure than a typical user-generated password.

Read this answer in context 👍 3

All Replies (2)

more options

Chosen Solution

TB currently supports OAuth2 authentication for gmail, AOL, Yahoo, Yandex, and possibly a few others. Support depends on cooperation between the mail provider and TB, and the process of establishing it is different for each one - it's not just a matter of providing an option in TB.

As for the secure mail key, I think its level of security is due to the length and mix of characters - which is more secure than a typical user-generated password.

more options

Thank you. Very interesting about OAuth2 support.

With regard to the secure key, I guess what that's all about is just making a longer password with random alphameric characters. Instead of blathering about "secure keys", they could just insist that passwords be a lot longer. There are standard apps for password quality estimation, and AT&T could simply use one of those. That is, you enter a password, and it decides whether it is adequate.