I use Betterbird to access a hotmail account. What should I do after mid September? (see below - email from MS)
I'm hoping that BB will incorporate what MS calls "modern authentication methods".
Ed
"The safety and security of your information is top priority for
Microsoft. To help keep your account secure, Microsoft will no longer
support the use of third-party email and calendar apps which ask you to
sign in with only your Microsoft Account username and password. To keep
you safe you will need to use a mail or calendar app which supports Microsoft’s modern authentication methods. If you do not act, your third-party email apps will no longer be able to access your
Outlook.com, Hotmail or Live.com email address on September 16th."
I use Betterbird to access a hotmail account. What should I do after mid September? (see below - email from MS)
I'm hoping that BB will incorporate what MS calls "modern authentication methods".
Ed
"The safety and security of your information is top priority for
Microsoft. To help keep your account secure, Microsoft will no longer
support the use of third-party email and calendar apps which ask you to
sign in with only your Microsoft Account username and password. To keep
you safe you will need to use a mail or calendar app which supports Microsoft’s modern authentication methods. If you do not act, your third-party email apps will no longer be able to access your
Outlook.com, Hotmail or Live.com email address on September 16th."
wasbit wrote:
On 03/07/2024 15:51, Ed Cryer wrote:Automatic, when available, in an email client(desktop, laptop, tablet,
I use Betterbird to access a hotmail account. What should I do after
mid September? (see below - email from MS)
I'm hoping that BB will incorporate what MS calls "modern
authentication methods".
Ed
"The safety and security of your information is top priority for
Microsoft. To help keep your account secure, Microsoft will no longer
support the use of third-party email and calendar apps which ask you
to sign in with only your Microsoft Account username and password. To
keep you safe you will need to use a mail or calendar app which
supports Microsoft’s modern authentication methods. If you do not
act, your third-party email apps will no longer be able to access
your Outlook.com, Hotmail or Live.com email address on September 16th."
"What do you need to do?
If you are receiving this email, you are currently using an email or
calendar app that uses a less secure authentication method to connect
to your Outlook.com email account. You will need to upgrade your
third-party mail and calendar app to a version which supports modern
authentication methods."
I presume the above is not true as Thunderbird, OE Classic & Fossamail
can all use OAuth2 for authentication yet that authentication fails
when swapped from Normal Password to OAuth2 but is accepted when
reverted to Normal Password.
From my trials it seems that Microsoft is only accepting
authentication from email clients when they are configured
automatically but as usual there is scant information for end users.
phone) validates the client as registered or previously registered for OAuth2, configures the account to support the Exchange protocol and
depending upon the client prompts or informs the user of the items to be synced.
- Not all email accounts will or can sync everything(mail, contacts, calendar, etc.)
- Not all clients setup automatically with OAuth2 for Exchange will
prompt or inform the synced items. e.g. Outlook 365[1] for an
Outlook.com type account(Outlook/Live/Hotmail/MSn.com and 3rd party
email accounts configured to be a Microsoft account)
[1] Applies to Outlook stand-alone editions(2013 through 2021, 2022)
and subscription editions(e.g. Outlook 365[aka Microsoft 365 Outlook]Personal, Family, Enterprise)
Simple explanation:
With OAuth2 and Exchange in place, the authorization validates the username/pw but prior to connection returns an access token which
authorizes the connection, then permits the client to access the
destination.
By changing the setting in an email client from the simple username/pw
combo the registration of the client and authorization of the app does
not occur.
I suspect(please inform if otherwise), your test of changing the Normal Password to OAuth2 in an Outlook.com type account was done in a POP3 or
IMAP email account - which as you probably already known are different protocols than the required Exchange protocol.
i.e. the account protocol, afaik, can not be changed to Exchange in an existing account using POP3 or IMAP.
Finally, not to be confused with and 'App Password'
- App passwords grant permissions to access(one time use in lieu of
the password). OAuth2 only grants access that was previously authorized, validated and confirmed.
wasbit wrote:
On 05/07/2024 16:18, ...winston wrote:
wasbit wrote:
On 03/07/2024 15:51, Ed Cryer wrote:Automatic, when available, in an email client(desktop, laptop,
I use Betterbird to access a hotmail account. What should I do
after mid September? (see below - email from MS)
I'm hoping that BB will incorporate what MS calls "modern
authentication methods".
Ed
"The safety and security of your information is top priority for
Microsoft. To help keep your account secure, Microsoft will no
longer support the use of third-party email and calendar apps which
ask you to sign in with only your Microsoft Account username and
password. To keep you safe you will need to use a mail or calendar
app which supports Microsoft’s modern authentication methods. If
you do not act, your third-party email apps will no longer be able
to access your Outlook.com, Hotmail or Live.com email address on
September 16th."
"What do you need to do?
If you are receiving this email, you are currently using an email or
calendar app that uses a less secure authentication method to
connect to your Outlook.com email account. You will need to upgrade
your third-party mail and calendar app to a version which supports
modern authentication methods."
I presume the above is not true as Thunderbird, OE Classic &
Fossamail can all use OAuth2 for authentication yet that
authentication fails when swapped from Normal Password to OAuth2 but
is accepted when reverted to Normal Password.
From my trials it seems that Microsoft is only accepting
authentication from email clients when they are configured
automatically but as usual there is scant information for end users.
tablet, phone) validates the client as registered or previously
registered for OAuth2, configures the account to support the Exchange
protocol and depending upon the client prompts or informs the user of
the items to be synced.
- Not all email accounts will or can sync everything(mail,
contacts, calendar, etc.)
- Not all clients setup automatically with OAuth2 for Exchange will
prompt or inform the synced items. e.g. Outlook 365[1] for an
Outlook.com type account(Outlook/Live/Hotmail/MSn.com and 3rd party
email accounts configured to be a Microsoft account)
[1] Applies to Outlook stand-alone editions(2013 through 2021,
2022) and subscription editions(e.g. Outlook 365[aka Microsoft 365
Outlook]Personal, Family, Enterprise)
Simple explanation:
With OAuth2 and Exchange in place, the authorization validates the
username/pw but prior to connection returns an access token which
authorizes the connection, then permits the client to access the
destination.
By changing the setting in an email client from the simple
username/pw combo the registration of the client and authorization of
the app does not occur.
I suspect(please inform if otherwise), your test of changing the
Normal Password to OAuth2 in an Outlook.com type account was done in
a POP3 or IMAP email account - which as you probably already known
are different protocols than the required Exchange protocol.
i.e. the account protocol, afaik, can not be changed to Exchange in
an existing account using POP3 or IMAP.
Finally, not to be confused with and 'App Password'
- App passwords grant permissions to access(one time use in lieu of
the password). OAuth2 only grants access that was previously
authorized, validated and confirmed.
Sorry, lost your reply. Thanks for the input.
No apps. No contacts. No calendar. Just email.
It doesn't explain why a working email address used in a Windows email
client (Thunderbird 1.2.15.1) authenticates one minute, then fails,
then some time later authenticates again. This has been going on for a
number of months.
It mainly happens with one email address but sometimes others. That
email address can normally be accessed via a browser.
It hasn't happened with email addresses in other clients (Fossamail) &
it hasn't happened with Gmail/EMClient.
Just reporting the facts.
Tested and works fine on all these TBird versions.
115.11.0
115.11.1
115.12.1
115.12.2
115.13.0
128.00.0 ESR
Note: Users looking for 115.13.0 may have to go here to obtain it. <https://releases.mozilla.org/pub/thunderbird/releases/115.13.0/win64/en-US/>
The main web site download option is only providing 128 ESR. The release notes for each indicates the reason for 115.13 not being available
On 05/07/2024 16:18, ...winston wrote:
wasbit wrote:
On 03/07/2024 15:51, Ed Cryer wrote:Automatic, when available, in an email client(desktop, laptop, tablet,
I use Betterbird to access a hotmail account. What should I do after
mid September? (see below - email from MS)
I'm hoping that BB will incorporate what MS calls "modern
authentication methods".
Ed
"The safety and security of your information is top priority for
Microsoft. To help keep your account secure, Microsoft will no
longer support the use of third-party email and calendar apps which
ask you to sign in with only your Microsoft Account username and
password. To keep you safe you will need to use a mail or calendar
app which supports Microsoft’s modern authentication methods. If you >>>> do not act, your third-party email apps will no longer be able to
access your Outlook.com, Hotmail or Live.com email address on
September 16th."
"What do you need to do?
If you are receiving this email, you are currently using an email or
calendar app that uses a less secure authentication method to connect
to your Outlook.com email account. You will need to upgrade your
third-party mail and calendar app to a version which supports modern
authentication methods."
I presume the above is not true as Thunderbird, OE Classic &
Fossamail can all use OAuth2 for authentication yet that
authentication fails when swapped from Normal Password to OAuth2 but
is accepted when reverted to Normal Password.
From my trials it seems that Microsoft is only accepting
authentication from email clients when they are configured
automatically but as usual there is scant information for end users.
phone) validates the client as registered or previously registered for
OAuth2, configures the account to support the Exchange protocol and
depending upon the client prompts or informs the user of the items to
be synced.
- Not all email accounts will or can sync everything(mail, contacts,
calendar, etc.)
- Not all clients setup automatically with OAuth2 for Exchange will
prompt or inform the synced items. e.g. Outlook 365[1] for an
Outlook.com type account(Outlook/Live/Hotmail/MSn.com and 3rd party
email accounts configured to be a Microsoft account)
[1] Applies to Outlook stand-alone editions(2013 through 2021, 2022)
and subscription editions(e.g. Outlook 365[aka Microsoft 365
Outlook]Personal, Family, Enterprise)
Simple explanation:
With OAuth2 and Exchange in place, the authorization validates the
username/pw but prior to connection returns an access token which
authorizes the connection, then permits the client to access the
destination.
By changing the setting in an email client from the simple username/pw
combo the registration of the client and authorization of the app does
not occur.
I suspect(please inform if otherwise), your test of changing the
Normal Password to OAuth2 in an Outlook.com type account was done in a
POP3 or IMAP email account - which as you probably already known are
different protocols than the required Exchange protocol.
i.e. the account protocol, afaik, can not be changed to Exchange in
an existing account using POP3 or IMAP.
Finally, not to be confused with and 'App Password'
- App passwords grant permissions to access(one time use in lieu of
the password). OAuth2 only grants access that was previously
authorized, validated and confirmed.
Sorry, lost your reply. Thanks for the input.
No apps. No contacts. No calendar. Just email.
It doesn't explain why a working email address used in a Windows email
client (Thunderbird 1.2.15.1) authenticates one minute, then fails, then
some time later authenticates again. This has been going on for a number
of months.
It mainly happens with one email address but sometimes others. That
email address can normally be accessed via a browser.
It hasn't happened with email addresses in other clients (Fossamail) &
it hasn't happened with Gmail/EMClient.
Just reporting the facts.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 361 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 123:32:56 |
| Calls: | 7,716 |
| Files: | 12,861 |
| Messages: | 5,727,956 |