Closed Bug 1427538 Opened 7 years ago Closed 7 years ago

Enable two factor authentication feature

Categories

(Thunderbird :: Security, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

VERIFIED WORKSFORME

People

(Reporter: myoo60, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20171226083017 Steps to reproduce: Set up any email account that requires two factor authentication Actual results: Login fails Expected results: Should ask for the two factor authentication passcode.
More and more email servers are going with two factor authentication (e.g. gmail). I realize that most allow setup of app password, but that sounds like a very poor workaround. It would be nice if thunderbird has two factor authentication feature built-in. I think this should be new feature request and not a bug report, but I don't know how to change this to feature request ticket...
Interesting idea. We might be able to facilitate - but I don't see how we would want to provide it ourselves, as it likely requires expertise that we don't have, or want the responsibility. Other opinions?
Severity: normal → enhancement
Component: Untriaged → Security
I don't understand the report: 2FA works for Gmail and mail.ru (bug 1231642). We have Yahoo on file in bug 1293958. Each provider needs a separate bug.
Yeah nothing to do here, this must be provided server side. First.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
If you set up thunderbird with your gmail account, and your gmail has two factor authentication turned on, thunderbird will fail to log in to your gmail account. There is no settings or methods provided in thunderbird to enter the second passcode. Maybe I'm missing something here. Here's what I verified: My gmail setting without two factor auth. Setup thunderbird to connect to my gmail account, including saved password (so there is no chance for typo in entering passwd). I'm able to get my email from my gmail account. Next, turn on two factor auth in gmail. Try to read email via thunderbird - this fails. It doesn't ask you to enter the second auth passcode, it just fails. Now, gmail tells me that I can generate app password to store in thunderbird by bypass the two factor auth process. But what I'm asking for here is for thunderbird to natively understand that the email server is asking for the second factor auth passwowrd, and prompt the user to enter the code.
Nope... my bad. Account server security settings, authentication method OAuth2. Was that always there? Been using thunderbird forever, but never noticed that before.
Status: RESOLVED → VERIFIED
(In reply to Marcus Yoo from comment #6) > Was that always there? No, that was introduced in TB 38 - https://www.mozilla.org/en-US/thunderbird/38.0beta/releasenotes/

Today my organisation enabled 2FA on Microsoft Office 365 (they call it Multi-factor authentication). This doesn't work with OAuth and they disabled app passwords. In other words, as both my IT and Microsoft documentation confirm, the only way to use MS/MFA is a client that supports it, ie, acknowledge the feature and, after password challenge, asks for a second code (which the MS server provides via SMS or a dedicated app).

I think this ticket should be re-opened, because there's no way that TB can work in the scenario above (as I've verified the painful way, which included hours of time wasting and a row with my IT). TB should support the workflow mentioned above, either as an integrated function or as a plug-in. Please let me know if I should file a separated ticket for proposing this (anyone welcome to do it).

Looks like you should file a specific bug for the MS scenario.

Sorry, I didn't initially see it's already reported.

You need to log in before you can comment on or make changes to this bug.