Yahoo! thinks Thunderbird sign-in is "less secure"
Following today's revelations about Yahoo's security breach, I have changed my Yahoo password. But in the process I encountered a Yahoo! security setting entitled "Allow apps that use less secure sign in". The page says "Some non-Yahoo apps and devices use less secure sign-in technology, which could leave your account vulnerable. You can turn off access (which we recommend) or choose to use them despite the risks."
It turns out that Thunderbird is one of the apps that Yahoo reckons use less secure sign-in technology, so I have had to "Allow" this exception in order to access my Yahoo! account from Thunderbird.
Should I be concerned? Can anyone comment on T'bird's security of sign-in? (I am not sufficiently technical ...)
All Replies (2)
Ah. Once I had described my problem the Forum software found that @peterleggat had exactly the same issue last month, and @toad_hall had provided a useful reply. I'm not sure I follow it completely TBH - something about OAuth2.
As long as you access your Yahoo account using Thunderbird via TLS this is by no means less secure. TLS means your connection to the server is encrypted. In that case you do see a little padlock at your account name in the folder pane.
Thunderbird will probably support OAuth2 authentication for Yahoo in a future version.