In connection security, what is the password used for, and what is the difference between normal and encrypted, Kerberos and NTLM?
I had two phone calls on successive days with a recorded message saying that my provider would be changing something (I can't remember what). I considered them to be nuisance calls and blocked the numbers.
Two days later the following error message occurred when trying to receive e-mails: "This POP3 server does not seem to support encrypted passwords. If you have just set up this account, please try changing to 'Normal password' as the 'Authentication method' in the 'Account Settings | Server settings'. If it used to work and now suddenly fails, please contact your email administrator or provider."
TalkTalk found nothing wrong with their connection to me and said it must be due to Mozilla Thunderbird. I checked the Settings in Accounts and could only change from Encrypted to Normal P/W by changing Connection Security from None to STARTTLS. I could then receive e-mails. But have I left anything less secure by doing this? Hence the question above.
I'd be grateful for any help. Regards, Chris
Chosen solution
OTOH, we may have a new Thunderbird bug that switches your settings from plain or normal password to encrypted password. But if so, I'd expect a deluge of complaints.
Instead, I rather think that one particular email provider/ISP has made a change in his server settings and hasn't done a good job of publicising it.
Have a look at this thread:
https://support.mozilla.org/en-US/questions/1220591
The vast majority of email providers use a plaintext password but with encryption (TLS/SSL) used to secure the entire conversation between email client and the server.
Many years ago I had an account with lineone.net (who were subsequently absorbed by Tiscali and then later again by TalkTalk) which unusually did allow an encrypted password. If your account has a similar ancestry, it's possible that it may in the past have supported encrypted passwords. These make sense in a situation where email is passed UNencrypted, and so avoid your password being visible to interlopers. Such a precaution is unnecessary when the whole exchange between client and server is encrypted, as is now common practice.
A problem with first-line helpdesk staff is that they are usually not specialists and work from a script, and so don't really know the full facts about their network's configuration and capabilities. Someone may have made a decision to switch off support for encrypted passwords and didn't think to tell the front-line staff.
I can't answer your question about Kerberos and NTLM, but I understand them to be alternative and secure means of identifying oneself to a server. These are not in widespread use, at least in connection with email.
You can only use what the server provides; if the email provider's servers don't advertise these technologies then Kerberos and NTLM are of no use to you.
Google (other search engines are available) is your friend:
https://en.wikipedia.org/wiki/Kerberos_(protocol)
https://en.wikipedia.org/wiki/NT_LAN_Manager
I have noticed 2 or 3 threads lately where user settings were at encrypted when they needed to be Normal Password. They claim that they did not make that change themselves.
IIRC, I've seen three such reports which were all from TalkTalk customers.
Many thanks to all providers of explanations. I've changed settings and am receiving e-mails OK. What I don't understand is why I was asked to change incoming Port from 110 to 995 (I've chosen to use POP3).
The implication is that your email provider has recently improved his system to use encryption (TLS/SSL). This safeguards your login, password and message content. Port 995 is the usual way for mail systems to talk to one another when using POP over an encrypted connection.
With the previous use of port 110, none of your traffic would be encrypted, except the password, when they were using the "password encrypted" option. So it's moved from encrypting just your password to encrypting the whole message, and your username and your password.
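The points made in the replies above (a client can only use a login method the server advertises, and a plain password is only protected when the whole session is encrypted), as an added example that is not part of the original thread. The server replies are constructed samples, and the mapping of Thunderbird's setting names to POP3 mechanisms (APOP or CRAM-MD5 for "Encrypted password") is an assumption of this sketch.

```python
import re

# Constructed samples: a server that dropped "encrypted password" support,
# and an older-style server that still sends an APOP timestamp banner.
NEW_GREETING = "+OK POP3 server ready"
NEW_CAPA = "+OK Capability list follows\r\nUSER\r\nSTLS\r\nSASL PLAIN LOGIN\r\nUIDL\r\n.\r\n"
OLD_GREETING = "+OK POP3 ready <1896.697170952@mail.example.net>"
OLD_CAPA = "+OK Capability list follows\r\nUSER\r\nUIDL\r\n.\r\n"

def parse_capa(reply):
    """Parse a POP3 CAPA reply (RFC 2449) into {capability: [arguments]}."""
    lines = reply.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("server rejected CAPA")
    caps = {}
    for line in lines[1:]:
        if line == ".":          # a lone dot ends the multi-line reply
            break
        parts = line.split()
        if parts:
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps

def supported_methods(greeting, capa_reply):
    """Return (set of client authentication settings, STARTTLS offered?)."""
    caps = parse_capa(capa_reply)
    sasl = set(caps.get("SASL", []))
    methods = set()
    if "USER" in caps or sasl & {"PLAIN", "LOGIN"}:
        methods.add("Normal password")
    # APOP (RFC 1939) is signalled by a <timestamp@host> token in the greeting.
    if "CRAM-MD5" in sasl or re.search(r"<[^<>@\s]+@[^<>\s]+>", greeting):
        methods.add("Encrypted password")
    if "GSSAPI" in sasl:
        methods.add("Kerberos / GSSAPI")
    if "NTLM" in sasl:
        methods.add("NTLM")
    return methods, "STLS" in caps

def assess(method, security, greeting, capa_reply):
    """Classify a client setting pair; security is None, STARTTLS or SSL/TLS."""
    methods, stls = supported_methods(greeting, capa_reply)
    if method not in methods:
        return "fail: server does not advertise this method"
    if security == "STARTTLS" and not stls:
        return "fail: server does not offer STARTTLS"
    if security == "None" and method == "Normal password":
        return "exposed: password and mail cross the network in clear text"
    if security == "None":
        return "partial: password is protected, mail content is not"
    return "ok: login and mail content travel inside TLS"
```
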