MozillaZine

Why does Yahoo think TB is a "less secure" application?

Discussion of general topics about Mozilla Thunderbird
Zosimos
 
Posts: 138
Joined: April 23rd, 2004, 12:12 pm
Location: Ohio, USA

Post Posted December 18th, 2017, 12:46 pm

What is a 'secure' application according to Yahoo/Oath? Their own app? Or is there something else that doesn't require a special setting to allow your mail to be downloaded without logging in? I'm just wondering if there are any real risks to using TB to get my Yahoo mail or if this is a scam to try to trick people into only using the vendor app that probably does a lot of snooping. Is there some new email protocol that TB is missing?

DanRaisch
Moderator

User avatar
 
Posts: 119623
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted December 18th, 2017, 12:59 pm

Zosimos wrote:What is a 'secure' application according to Yahoo/Oath? Their own app? Or is there something else that doesn't require a special setting to allow your mail to be downloaded without logging in?

No
Zosimos wrote:I'm just wondering if there are any real risks to using TB to get my Yahoo mail or if this is a scam to try to trick people into only using the vendor app that probably does a lot of snooping.

There is no greater risk in using Thunderbird than any other email client and there is nothing making Yahoo's webmail page (through a browser) more secure than other means of access.

Zosimos wrote: Is there some new email protocol that TB is missing?

No, there is not. It's all Yahoo hype.

tanstaafl
Moderator

User avatar
 
Posts: 44005
Joined: July 30th, 2003, 5:06 pm

Post Posted December 19th, 2017, 5:15 pm

Gmail started that hype. Yahoo adopted it later on to promote their own apps/webmail.

Oauth2 is a authentication protocol. Rather than sending a password over a encrypted secure connection you send a token over a encrypted secure connection. It does eliminate the ability to see a stored password using tools -> options -> security -> passwords -> saved passwords. That is not an issue for most users. If it is, you could add a master password or use other alternatives such as using Keepass or Lastpass rather than the built-in password wizard.

The Yahoo Oauth2 developers guide at https://developer.yahoo.com/oauth2/guide/ states OAuth 2.0 is currently supported by Yahoo Gemini and Yahoo Social APIs. Last I heard Yahoo didn't support OAuth2 in their email yet, and the Thunderbird developers were unable to contact anybody to get the details needed so that Thunderbird could support it when it eventually becomes available.

Return to Thunderbird General


Who is online

Users browsing this forum: No registered users and 2 guests