1 |
Michael wrote: |
2 |
> On Friday, 3 June 2022 02:45:11 BST Dale wrote: |
3 |
>> Howdy, |
4 |
>> |
5 |
>> Early this morning Seamonkey could no longer fetch emails. It wouldn't |
6 |
>> accept the username and password. I did some searching and it seems |
7 |
>> that Google is disabling plain text username and password. Honestly, |
8 |
>> sounds like a good idea really. During my searches, most recommended |
9 |
>> OAuth2 so I switched to it. |
10 |
> Err ... perhaps not? The use of a browser to delegate sign on is not |
11 |
> necessarily a good idea, because it introduces layers of complication and with |
12 |
> it potential vulnerabilities. Random explainer here: |
13 |
> |
14 |
> https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611 |
15 |
> |
16 |
> I recall some IMAP4 devs complaining about it, but Google pushed on |
17 |
> regardless. From the end of May if you want to login to Gmail you have no |
18 |
> option but to use OAuth2. I expect this will break some users login if they |
19 |
> have not disabled what Google calls "Less secure application access" and |
20 |
> shared with Google their mobile phone number and what other *private* |
21 |
> information Google wants to know, before it allows you to access your email |
22 |
> messages. |
23 |
|
24 |
I read a portion of your link. It lost me pretty quick. I seem to |
25 |
recall that the old way, the username and password was sent in plain |
26 |
text. In other words, anyone could grab it between me and google, |
27 |
including my ISP plus who knows who else. I'd think that about anything |
28 |
would be more secure than plain text. There may be better options but I |
29 |
have to work with what Google supports. If it supports something |
30 |
better, I'd switch to that. I'm open to better options. I just want to |
31 |
be able to fetch my emails in a reasonably secure way. BTW, the |
32 |
password I use for email is not used anywhere else. I use Bitwarden |
33 |
now, used LastPass before that. |
34 |
|
35 |
|
36 |
> |
37 |
>> After a while, I noticed it wasn't downloading new emails |
38 |
>> automatically. I have it set to check for new messages every 10 minutes |
39 |
>> or so. I had to hit the Get Msgs button each time. I'd prefer it to do |
40 |
>> it automatically. I tried restarting Seamonkey and even changing the |
41 |
>> settings for doing it automatically, in case a config file needed |
42 |
>> updating after the switch, still doesn't do it automatically. I'm |
43 |
>> attaching a screenshot of the settings. |
44 |
>> |
45 |
>> Does using OAuth2 disable automatically fetching messages or am I |
46 |
>> missing some other setting? It worked fine until I switched to OAuth2 |
47 |
>> so I don't know what else it could be. Is there something better than |
48 |
>> OAuth2 that gmail supports? I just picked the first option I found. |
49 |
>> |
50 |
>> Thoughts?? |
51 |
> The OAuth2 mechanism will refresh exchange of tokens between client and server |
52 |
> when they expire, but this should be seamless and transparent to the user. If |
53 |
> there is a breakdown in the connection for some time and a token expires, then |
54 |
> depending on the mail client it may pop up a window asking for your login |
55 |
> credentials to be resubmitted. It does this occasionally on Kmail, but I have |
56 |
> not noticed it on T'bird, which I believe is similar/same to the mail client |
57 |
> of Seamonkey. |
58 |
> |
59 |
> Checking for emails every so often on a timer, is separate to authentication/ |
60 |
> authorization. Whether you check for email manually, or after a timer |
61 |
> triggers it, OAuth2 will kick in on each occasion as the next step. There may |
62 |
> be some bug in Seamonkey. You could try a later version or try T'bird. If |
63 |
> that works with the same settings, but Seamonkey doesn't, then by a process of |
64 |
> elimination the issue would be with Seamonkey's implementation. |
65 |
> |
66 |
> HTH. |
67 |
|
68 |
|
69 |
I wouldn't think the two would have any effect on each other either but |
70 |
the only change I made was how it sends username and password. Heck, at |
71 |
first, I didn't even restart Seamonkey. When I hit the Get Msg button, |
72 |
it asked for the password and starting downloading several hours worth |
73 |
of emails. It hasn't asked for it again since I entered it the first |
74 |
time so it should be able to trigger itself. Your logic makes sense but |
75 |
reality has thrown a wrench into the gearbox. I thought about switching |
76 |
back but the old way wasn't allowed anymore. So, I can't revert and |
77 |
test. BTW, I'm using POP3 I think. I actually store my emails locally. |
78 |
|
79 |
I'm not sure where to go on this. It may be a bug but even that would |
80 |
be odd since sending username and password should be separate from |
81 |
triggering a timer. It just doesn't make sense. |
82 |
|
83 |
Thanks. |
84 |
|
85 |
Dale |
86 |
|
87 |
:-) :-) |