Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Email Passwords

  • 3 replies
  • 1 has this problem
  • 6 views
  • Last reply by Matt

more options

In trying to troubleshoot and resolve a problem sending and receiving email from my ISP and their domain name in the email addresses, I've tried to exonerate or blame either Thunderbird or their email system. To date I've been unsuccessful. I'm here now to ask some questions that might move the issue forward to identify the problem and resolve it.

It is my understanding that Thunderbird stores passwords I have assigned to accounts. Because there are (or appear not to be) means to simply enter those passwords within Thunderbird, there must be another way that TB acquires them. From having used TB for years, I've observed that TB serves a response that asks for a password when authentication between the TB client software and an ISP mail serve. I have inferred that it is this pathway that allows TB to acquire passwords that it then stores when they have been used successfully validated.

Does email account password acquisition by Thunderbird function in the way I described (or close to it, even)? If that is not how it is done, how is it done? IOW, How do I tell Thunderbird what passwords to use to validate email message exchanges with my ISP?

This question arises from my attempts to resolve my problem, but leads to questions about how I decided I would resolve the issue of unrecognized passwords. My plan was to delete passwords for these email accounts from Thunderbird and from my ISP and start fresh with new passwords. To that end, I learned how to find the passwords that TB stores buy following Tools > Settings > Privacy and Security > Saved Passwords > Show Passwords. I then captured that information in a separate text file so that I would not lose those passwords and deleted all the passwords in Thunderbird.

I ran into problems with my ISP in trying to delete and set up new passwords. I'm trying to make them own the problem and they are saying that the problem is in TB therefore beyond their responsibility. What's worse is that they are using the email password validation problem to refuse ownership of their email address password interface problem. That's why I'm back here asking questions . . . to exonerate Thunderbird or learn what I don't know.

Thank you for any assistance you can give to help me understand how TB acquires and uses email account passwords.

In trying to troubleshoot and resolve a problem sending and receiving email from my ISP and their domain name in the email addresses, I've tried to exonerate or blame either Thunderbird or their email system. To date I've been unsuccessful. I'm here now to ask some questions that might move the issue forward to identify the problem and resolve it. It is my understanding that Thunderbird stores passwords I have assigned to accounts. Because there are (or appear not to be) means to simply enter those passwords within Thunderbird, there must be another way that TB acquires them. From having used TB for years, I've observed that TB serves a response that asks for a password when authentication between the TB client software and an ISP mail serve. I have inferred that it is this pathway that allows TB to acquire passwords that it then stores when they have been used successfully validated. Does email account password acquisition by Thunderbird function in the way I described (or close to it, even)? If that is not how it is done, how is it done? IOW, How do I tell Thunderbird what passwords to use to validate email message exchanges with my ISP? This question arises from my attempts to resolve my problem, but leads to questions about how I decided I would resolve the issue of unrecognized passwords. My plan was to delete passwords for these email accounts from Thunderbird and from my ISP and start fresh with new passwords. To that end, I learned how to find the passwords that TB stores buy following Tools > Settings > Privacy and Security > Saved Passwords > Show Passwords. I then captured that information in a separate text file so that I would not lose those passwords and deleted all the passwords in Thunderbird. I ran into problems with my ISP in trying to delete and set up new passwords. I'm trying to make them own the problem and they are saying that the problem is in TB therefore beyond their responsibility. What's worse is that they are using the email password validation problem to refuse ownership of their email address password interface problem. That's why I'm back here asking questions . . . to exonerate Thunderbird or learn what I don't know. Thank you for any assistance you can give to help me understand how TB acquires and uses email account passwords.

All Replies (3)

more options

I suggest you have a look at the support document about passwords. It explain about where they are saved and how to edit what is saved. BTW I really do not think bleeding edge development versions of the product are suitable to you. You apparently expect explicit instructions and a development version is by default "under construction" You reference V114, so I assume you are using a beta version which is now V115. I suggest you right click on the toolbar and select the menu bar be visible. Then you will not need to complain about missing or lost menu choices. In recent years they have been the most stable interface of all, being largely unchanged since V2.

https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-tb

Note that when you add an account the add process includes a save or remember password option which defaults to selected. Whenever you are asked for an account password you are also prompted below in the dialog to use the password manager to save the password.

Thunderbird saves a separate password for incoming and outgoing. Even if they are identical.

Many folk who appear on this site with password issues have installed a third party password manager (sometimes in an internet security suite, I think Norton for one had such a "feature" if I recall correctly) and that is the source of their frustration. Not Thunderbird or their mail server/provider.

It is also a "feature" of many antivirus product or their firewall components to simply block new unknown versions of Thunderbird, and here you are on a beta that updates often. When that blocking occures you are prompted for a password.

Finally if Thunderbird fails to connect it pops up a connection failed error and asks for a password, the assumption that that is the most common reason for a once working setup to suddenly fail. But the existence of a request does not in itself mean there is a password issue at all, it means there is a connectivity issue.

So then we move on to oauth authentication which is used by most of the non ISP mail providers these days. The initial authorization process uses a password known to you to authorize the access. The actual ongoing token used by Thunderbird to interact with the server is supplied via the internet to Thunderbird by the mail provider and is stored in the password manager. You will see these in the password manager as oauth: in the beginning of the entry. Authentication failures with oauth do not pop up a "normal" request for password prompt. Instead starting a flow of web pages to authenticate permission for Thunderbird to access the account with the provider.

more options

Matt, thanks for an informative response. First, my apologies for posting an incorrect version number. I am running 102.12.0 64-bit on Windows 10 22H2. I should have checked it more carefully. I never run beta versions or those under development knowingly.

The article link was helpful because I was unaware that right clicking a displayed connection would allow me to edit the data. Likewise the information about oauth token gives me more to consider. Thanks.

I do not see a "flow of web pages" related to TB permission to access the ISP mail client but rather see only the message shown in the screen shot. Providing the known-to-be-at-my-ISP mail account password in response only returns the same message. The message appears periodically, based on a time interval (I think) and is presented for each of my ISP email addresses regardless of anything I initiate in TB.

I do use a password manager, Roboform. If it provides a password without me being aware of it, that is news to me. That's another avenue to investigate.

I had not suspected a connectivity issue because I can send and receive Gmail and browse the web successfully, although I have experienced some response delays. My wife has experienced the same using her iPad and iOS facilities without TB. I left this area unexplored because I thought the issue to be related to 100+ degree temperatures in our area for the last couple of weeks. I will explore this further.

Finally, can you respond to my recovery strategy of resetting passwords in both TB and at my ISP? Is this plan realistic? Is there a better strategy? (assuming of course that connectivity issues are resolved if they exist)

Again, thank you for a helpful response.

more options

What you need to remember is web pages are transmitted on port 443 usually (encrypted) or 80 unencrypted mail exclusively uses different port numbers. https://billing.precedence.com.au/billing/knowledgebase/70/Mail-Ports-for-POP3-IMAP-and-SMTP.html

While the link offers general standards, there is nothing stopping a server admin actually requiring a port up to 65535 because in the IPV4 parts of the internet ports are an unsigned integer, and realistically email servers still use IPv4 as everything internet connected is aware of IPv4 the same can not yet be said of IPv6 despite it's increasing utilization in an internet that is out of IP4 addresses.

What this all means is being able to access the web really is not very related to email. Unfortunately in the last 20 years the public consciousness has largely turned "the internet" and "the web" part of the internet into interchangeable terms. If you are not familiar with ports, it may be helpful to consider them in terms of lanes on a highway. You can access lane 443, but that does not mean you can get stuff to the same destination even using lave 993

Things like VPN's, software firewalls and in some cases other installed software all can interrupt data on specific ports, either intentionally your thorough accident. Some VPN's simply do not support anything but the World Wide Web. Software firewalls are particularly suspect as most rely on recognizing the software making the call to the port. Hardly helpful if the software is a new version. For instance you mention Thunderbird as version 102.12.0. The point part (12) will last about 4 weeks usually. The next component which you report a 0 can be updated any time in that 4 weeks if there is some sort of emergency release required. So at best these software firewalls go out of date about every 4 weeks and most rely on phoning home to learn of new releases.

Hardware firewalls on say routers do not interest themselves in the source application. They simply allow or block data on a port number, or block and allow certain datagrams on the port using packet inspection. Historically there was a US ISP that released new modems to their customers that blocked their own mail ports. It was a mess and went on for longer than it should have because the majority of mail is now transacted on webmail, not mail clients. So even these can cause issues.

Roboform is not something I am familiar with, but in the past the Norton "vault" caused issues with auto filling old passwords. I assume the same potential is in most of the password products,