1310456 - "Login to server imap.mail.yahoo.com failed." if "Allow apps that use less secure sign in" is not enabled

Status: RESOLVED INVALID

(Thunderbird :: Security, defect)

Description

[Nick Levinson]

Yahoo considers Thunderbird as a less-secure app for logging into Yahoo for email. Yahoo doesn't give details but it refused to let me log into Yahoo that way unless I gave permission to Yahoo for a less-secure login, which is temporary, apparently not limited to the current session but how long is unstated. This was on Sep. 17, 2016, using Thunderbird version 45.3.0 on openSuse 13.2 Linux, which I keep evergreen. With 45.4.0 today, login via Thunderbird still fails.

Comment 1

[Wayne Mery (:wsmwk)]

I believe this is covered in bug 1293958

Comment 2

[Wayne Mery (:wsmwk)]

I never had my yahoo account in thunderbird, so I don't know what it was like months or years ago. But I tried it - let autoconfig do its thing - and I get "Login to server imap.mail.yahoo.com failed." unless I enable "Allow apps that use less secure sign in" on the yahoo security page. 

https://help.yahoo.com/kb/account/SLN27791.html?impressions=true describes the setting. But this is not Thunderbird's fault or doing - it's Yahoo's requirement, similar to gmail choices. So not a Thunderbird bug.

The better security choice is of course oauth which requires  bug 1293958. ref: https://help.yahoo.com/kb/SLN5013.html

Simon also recently reported this in bug 1304646

Comment 3

[Wayne Mery (:wsmwk)]

Another alternative is to enable 2fa (two factor) in yahoo, and get an app password (ala gmail)