secure key
AT&T says that Thunderbird isn't going to be able to access my account, because it won't do OAuth2 on my AT&T account (it will on my Gmail account ...). So I am told to use another e-mail client OR get a secure key. Um, "secure key"? So I get a secure key, using their secure key generator, which is 16 alphameric characters. I am told to access my AT&T account using Thunderbird using this secure key as a password. OK, I did that, and it seems to work.
But what the hell have I done? I just changed my password (to a much longer and quite unmemorable one). What makes this new password "secure", when my old password wasn't? This makes no sense at all.
Also, why if Thunderbird can do OAuth2 on Gmail, can't it do it on AT&T mail??
Chosen solution
TB currently supports OAuth2 authentication for gmail, AOL, Yahoo, Yandex, and possibly a few others. Support depends on cooperation between the mail provider and TB, and the process of establishing it is different for each one - it's not just a matter of providing an option in TB.
As for the secure mail key, I think its level of security is due to the length and mix of characters - which is more secure than a typical user-generated password.
Read this answer in context 👍 3All Replies (2)
Chosen Solution
TB currently supports OAuth2 authentication for gmail, AOL, Yahoo, Yandex, and possibly a few others. Support depends on cooperation between the mail provider and TB, and the process of establishing it is different for each one - it's not just a matter of providing an option in TB.
As for the secure mail key, I think its level of security is due to the length and mix of characters - which is more secure than a typical user-generated password.
Thank you. Very interesting about OAuth2 support.
With regard to the secure key, I guess what that's all about is just making a longer password with random alphameric characters. Instead of blathering about "secure keys", they could just insist that passwords be a lot longer. There are standard apps for password quality estimation, and AT&T could simply use one of those. That is, you enter a password, and it decides whether it is adequate.