Why is Gmail reporting T-bird is unsecure and refusing to set up POP3 a/c
I have been using T-bird with Gmail under the POP3 protocol for many years with no problems. A few days ago, I was setting up a complete Linux system for another OAP and as part of this, tried to set up both T-bird and FireFox. This person has an established Gmail A/C which is working properly as Web mail. I set the property - "Use POP3" in the correct Gmail Settings dialogue. When I tried to set up T-bird, I received a "Password not valid" message three times. Upon lookig at the Gmail A/C, I found that my setting for POP3 had been changed. In addition, there were three automated messages in the mailbox reporting attempted break-ins to the A/C. The message said that T-bird should NOT be used since it is insecure (!) and that I should use a Gmail protocol instead. However, I could force Gmail to accept my setting if I accepted the risk of using an "insecure system". There was an implication that Gmail will arbitrarily cancel this use at some time in the future. I think this is FUD. Have you any comments ?
Ŋuɖoɖo si wotia
Hmm, okay, I see. Google only wants you to connect with applications that use OAuth 2.0. Thunderbird and Microsoft Outlook do not support that.
- http://googleonlinesecurity.blogspot.com/2014/04/new-security-measures-will-affect-older.html
- http://windowsitpro.com/security/googles-increased-security-causes-email-clients-stop-synching-gmail
I don't know why OAuth 2.0 is a more reliable way to ensure that you are you than the traditional username/password-over-SSL method, but apparently Google thinks it is. So they want you to be aware that allowing traditional ("insecure") clients takes away some of the new protections they are trying to implement to prevent strangers from logging into your Gmail.
Xle ŋuɖoɖo sia le goya me 👍 1All Replies (7)
I haven't tried connecting Thunderbird to Gmail myself (and if I did, I would use IMAP).
If you check the configuration details, did Thunderbird automatically set up the POP side of the connection with SSL on port 995?
You need to update your Google settings. https://support.google.com/accounts/answer/6009563?hl=en
I thank you for your prompt response. In reply -- [1] I could have chosen IMAP but selected POP3 - (a) because I have used this protocol for yrs and (b) There is only this one cmptr so, synching is not required and is an unnecessary complication for an OAP. [2] Initially, I set POP3 in Gmail and the T-bird "wizard" then correctly detected this and set port 995. (I've been doing this for about 6/7 yrs, so I check all the settings are OK). It was Gmail that blocked the setup and cleared my original POP3 setting - the setting in T-bird did not change. However, when I tried to connect, Gmail reported "Incorrect password", which caused no end of swearing on my part ! In due course, I saw the messages Gmail had generated and I found that I could FORCE Gmail to accept POP3 working by clicking the automated message from Gmail which mentioned "accepting an INSECURE set-up, such as T-bird and Windows". As I said, I think this is FUD and that Gmail is just trying to frighten everyone into using the Google app. and, in the process, kill-off T-bird but I am looking for proper confirmation that T-bird is not inherently insecure. I know it uses SSL/TLS so I do not see how Gmail can claim that it is easier to break into than is their app. Best rgds -
Ɖɔɖɔɖo si wotia
Hmm, okay, I see. Google only wants you to connect with applications that use OAuth 2.0. Thunderbird and Microsoft Outlook do not support that.
- http://googleonlinesecurity.blogspot.com/2014/04/new-security-measures-will-affect-older.html
- http://windowsitpro.com/security/googles-increased-security-causes-email-clients-stop-synching-gmail
I don't know why OAuth 2.0 is a more reliable way to ensure that you are you than the traditional username/password-over-SSL method, but apparently Google thinks it is. So they want you to be aware that allowing traditional ("insecure") clients takes away some of the new protections they are trying to implement to prevent strangers from logging into your Gmail.
Hi christ 1. Please read all my original message and subsequent reply. I initially set POP3 on the Gmail "Settings" page and the T-bird "wizard" noticed this and correctly set port 995. The point of my report here is that Gmaill arbitrarily cancelled the setting I had made and blocked the connection. It then provided an automated reply which said T-bird is insecure and that I shoud use a Google app instead. However, I could force Google to accept my settings and connection to an existing A/C if I acknowledged that I was using an "insecure connection method". I think that they have been hacked and so, if this happens again, they can blame the leakage upon us users who "will insist on using insecure connections, inferior to those offered by Google". As I said FUD --- any comments on this ?
I'm not a fan of conspiracy theories.
You can setup Google 2-step authentication, and you'll be as secure as you can be. Note that for Thunderbird an application specific password is required.
to jsher2000 - Thank you for your follow-up post. I'm sorry but these posts seem to be over-lapping a bit. I've looked at the two URLs you provided and I now understand what is happening. Seems to me that the problems are arising because people are putting email, etc. on "phones" (for want of a better word. I and the people I help are all working with computers at home. Unfortunately, I'm an 80-yr old user, NOT a developer, so I had no idea this info existed. It would n't have inconvenienced Google to have published this material, where their users could see it, would it ? Another good reason to drop using Google -- I'm already converting everyone I know to Ixquick. I'm marking this as "solved".
My thanks to everyone for their speedy replies --
Best regards to all --