为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

yahoo password did not succeed (Yahoo thinks Thunderbird is "less secure")

  • 4 个回答
  • 1 人有此问题
  • 6 次查看
  • 最后回复者为 cookiePJones

more options

Yahoo mail is blocking access to my account from Thunderbird because it apparently considers Thunderbird a "less secure app".

I just set up Thunderbird for first time, using my Yahoo account, but was never able to connect. Kept getting error "Sending of password ... did not succeed. Mail server pop.mail.yahoo.com responded: Server error. Please try again later."

Then I see an email from Yahoo saying they blocked it:

"Your account is currently not enabled to sign in from apps that do not meet modern security standards (ex. Older versions of mail and calendar apps such as Outlook). As a result, we prevented a sign in to your Yahoo account... ... We strongly recommend that you switch to Yahoo's apps ... and remove your account from all other less secure apps."

It's true, I did set the Yahoo mail option to not allow "apps that use less secure sign in", I suppose I can change it if I really have to - but would prefer if Thunderbird could be set to use more secure login settings - is that possible? I had used the default security settings: Connection security= SSL/TLS, Authentication=Normal Password.

Any suggestions?

Yahoo mail is blocking access to my account from Thunderbird because it apparently considers Thunderbird a "less secure app". I just set up Thunderbird for first time, using my Yahoo account, but was never able to connect. Kept getting error "Sending of password ... did not succeed. Mail server pop.mail.yahoo.com responded: Server error. Please try again later." Then I see an email from Yahoo saying they blocked it: "Your account is currently not enabled to sign in from apps that do not meet modern security standards (ex. Older versions of mail and calendar apps such as Outlook). As a result, we prevented a sign in to your Yahoo account... ... We strongly recommend that you switch to Yahoo's apps ... and remove your account from all other less secure apps." It's true, I did set the Yahoo mail option to not allow "apps that use less secure sign in", I suppose I can change it if I really have to - but would prefer if Thunderbird could be set to use more secure login settings - is that possible? I had used the default security settings: Connection security= SSL/TLS, Authentication=Normal Password. Any suggestions?

被采纳的解决方案

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. Yahoo do not appear interested, so I suggest you enable less secure apps or move to Google where oAuth2.0 has been working since Thunderbird 38 because they actually issue the application tokens.

定位到答案原位置 👍 0

所有回复 (4)

more options

选择的解决方案

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. Yahoo do not appear interested, so I suggest you enable less secure apps or move to Google where oAuth2.0 has been working since Thunderbird 38 because they actually issue the application tokens.

more options

Matt said

Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. ...

Oh, so THAT's what they mean ... Okay, thanks Matt.

p.s. Can you suggest any others besides Google who use oAuth2.0? (preferably a good paid service rather than "free")

more options

cookiePJones said

Matt said
Thunderbird CAN NOT use the oAuth2.0 authentication until Yahoo ar prepared to issue tokens for mail applications to use. So really we have tried. ...

Oh, so THAT's what they mean ... Okay, thanks Matt.

p.s. Can you suggest any others besides Google who use oAuth2.0? (preferably a good paid service rather than "free")

I can not offer you anything with regard to paid providers other than they exist. Not because of any policy, simply because I do not know.

oAuth2.0 is not really a mail protocol, it is a web browser protocol. One of the reasons so few email programs support it, is that they have to act essentially as a web browser while the authorization dialogs are displayed. Personally I find that somewhat frightening. It is Ok for Thunderbird, we have the Firefox browser components to draw on, but the security implication of having email people start writing web browsers is truly worrying.

Basically oAuth is technically more secure, but it is also persistent, as someone noticed recently, the authorization persists after you delete the password from Thunderbird. So it is a horses for courses thing. Personally I think a user name and password is about as good, as long as the password falls into the passphrase category. http://www.useapassphrase.com/

But the best protection is a provider that locks your account after a number of incorrect attempts. All the information you will see talks about how long passwords take to crack, but this is based on computers throwing millions of guesses and trying again until they get it right. If you account is locked out after 3 or 4 bad attempts then it will take forever to guess your password another attempt can not be made until you go through the steps to again resume use of our account.

In the end, nothing preserves your data on a server except encryption of that data, so regardless of the connection method used, your data is not secure if the provider is hacked. Which is how Yahoo managed to loose something like a billion user names and passwords.

more options

Really good point.