AOL security update by 7DEC21 requires new account, best way to migrate email files?
NOTE: I do NOT have a solution, the email with that comment was clicked on accidentally.
Note that when creating a brand new email in Thunderbird with the extra security step, it did NOT utilize OAuth. That is NOT what happens in the new security process.
If I re-create my existing email, will TB glitch? How do I migrate my existing POP folders to the "new" version of the account?
AOL security update by 7DEC21 requires creating a new account, best way to migrate email files? Notably their instructions don't mention this...
Anyone do this already? Any glitches? What's the easiest way to put your old account data into the new one?
How does TB handle the fact that you have two identical emails with separate accounts, differing only in that one-time password?
And how do you access that password entry popup that ONLY appears during account setup?
Modified
All Replies (20)
Note that this is not moving ALL accounts from one Profile to another Profile, its just populating a new empty user account with a copy of what is in an older user account.
Everything my search turns up is about putting an entire old profile into a new profile on a new machine.
How do you invoke about:profiles from within Thunderbird? If you do that in FireFox it will open the Firefox profiles.
Found the Profile folder via Help Dropdown / Troubleshooting Info The way each email account is named in the Profile's mail folder or imap folder is useless for determing which email address is associated with that filename !!! It gives them a suffix number.
How are you supposed to figure this out & not operate on the wrong data?
There seems to be no Installs.ini or Profiles.ini files as there is in Firefox. So can you just drag & drop the files from one Profile to another?
For IMAP I have half a dozen email addresses (not AOL) which must use an intermediary app called Protonmail Bridge, and its server address is 127.0.0.1 Its very strange that the filenames for each email address have the unique number identifier "embedded" in the server address as follows : 127.0.0-1.1, 127.0.0-2.1, etc. What is the explanation for this?
TYPO: "So can you just drag & drop the files from one Profile to another?"
I mean to say drag & drop from one email account to another. My brain is contaminated by a simultaneous problem with Firefox profile data.
Just a hint... Once you reply to yourself your topic is no longer "New" and if you offered as one of the topics requiring a first response. You habit of having a conversation with yourself certainly does you no service in getting a response.
I have not read all you posted, but it looks like you are trying to do things in the file system. doing that to anywhere but local folders will see your mail synchronized to oblivion the first time the account connects.
The file system is not meant for users to meddle, so of course it does not come with nicely labeled files to make it simple to mess up your mail completely by assuming things that are not correct. I have not looked in a Firefox profile for a long time, but you prompted me to as Thunderbird does not use NI files. Nope. No ini files there in Firefox of any value either.
I think perhaps start with the information AOL have supplied. What exactly does it say?
I think that it is somewhat odd that AOL would be asking you to create a new account in Thunderbird. I would be more inclined to say your existing account needs to have the authentication method changed to oAuth. Yahoo forced a similar change and sent out an equally stupid email to their customers about creating all sorts of mayhem and deleting all their data if they followed the instructions when all that was required was a simple setting change on the existing account.
I just created an account as AOL, Perhaps going forward I can get some of these extremely poorly conceived missives from the hedge fund owned yahoo. But I set the account up to use oAuth in the first place so whatever is affecting you improbably irrelevant to me.
A copy of the correspondence would be helpful. Perhaps we can avert another yahoo style disaster where folks went out and deleted 20 years worth of mail because of poor information provided.
The process seemed to be the same as for what happened w/ Yahoo accounts, as far as I recall. AOL wants me to create a NEW account in Thunderbird, and when the screen asking you to enter your password appears, instead of your normal PW to log in, you have to enter a 16 digit one time code which you obtain by logging into AOL on the web and going to a "get password" location.
This is NOT mentioned in their Help files about setting up POP accounts, but the server & port locations remain the same as stated in those Help files.
The one account I have already set up is still using NORMAL password, NOT OAuth.
This was a brand new account so I don't have to worry about moving my existing email data into it. In fact, although TB found the setup data in its database, when checking the PW it kept failing & giving vague possiblities as to why. I bit the bullet and paid the $$$ to get Tech Support from AOL, and I had to go thru this one-time process to create the account. Because their instruction are shit. They should be paying ME to point out how they have fucked up.
But I'm not moving EXISTING accounts until I know how to copy my folders into the "new" account.
Note my account is verizon.net but its a trivial difference. Just the POP.verizon.net & SMTP.verizon.net; same ports & authentication (SSL) & PW type (Normal).
email: 11/8/21 SUBJECT: Important security notice for your AOL account
Hi AOL Member,
We love that you love using AOL email. And we want to make sure you always have the best experience. That’s why we’re reaching out today.
We’ve noticed that you’re using non-AOL applications (such as third-party email, calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, AOL will no longer support the current sign-in functionality in your application starting on December 7, 2021. This means that you will need to take one of the steps below to continue using your AOL Mail without interruption.
But don’t worry, you have options:
Option 1: We recommend that you access your mail using our free AOL app for iOS and Android or simply go to mail.aol.com to access AOL Mail on the web.
Option 2: Keep your current, non-AOL app, BUT follow a few steps to get it to sync with our secure sign-in method. The steps vary across different email applications, but in most cases, you will have to remove your AOL account from the app and then add it back again to update sign-in security. Use the links below to follow the specific steps for your current application:
iOS Mail Gmail Samsung Mail Others
[ FROM THERE NAVIGATE TO THUNDERBIRD ]
Option 3: You can generate a one-time, unique password that will allow you to sign in to your account using your non-AOL email application. Once created, this password will continue to allow your app to securely sync your AOL email unless you sign out (or are signed out) from your app. You can find instructions on how to do this here.
If you want more details on these changes, please visit our help page. If you’ve already taken action, we’d like to think you haven’t read this far, but if you have... we appreciate the diligence!
It seems to me that if you can get to that popup which only appears during account creation, while within an existing account, you ought to be able to enter the one-time PW -- maybe without screwing up the existing data. I guess this is the PW that TB uses to reach the server for the very first time.
There is no accounting for the corporate stupidity of the new yahoo. They learned nothing from sabotaging their customers at yahoo, now they are repeating the same flawed and basically very incorrect information to the AOL and Verizon brigade. The is no accounting for the harm it should be doing the companies reputation.
Simply go to the account settings (Right click the account in the folder pane and select settings) Change the authentication method to oAuth from what would normally be "Normal password" Goto the outgoing server (SMTP) entries at the bottom of the account list and select your outgoing aol account. change that one to use oAuth as well.
Next attempt to get mail and be taken through the oAuth authentication process. Change completed.
Dammit, that is NOT my chosen solution. The email presents that as the biggest box to click on & I did so unadvertantly. How do I un-choose the flag?
Does not address any of my questions
How does TB handle the fact that you have two identical emails with separate accounts, differing only in that one-time password?
How do I migrate my existing POP folders, on my computer, to a new account with the same email?
When creating a NEW account with the new security process, it did NO create an OAuth setup.
This upcoming email disaster slipped my mind for a few days due to more urgent matters.
Modified
I'm on the phone with $5 a month tech support & getting bafflegab.
I'm using TB for Mac "the email is in error, its only about people using a 3rd party app" TB IS a 3rd party app"
"Umm, you will have to enter a 1 time password" I already stated that I want you to tell me HOW to do that for an account already existing in TB
"Um Um"
So she claims that TB will not choke on having two email accounts with identical identification. However, she cannot tell me how to copy or move the emails from the old to the new.
OTOH she claims that my existing account will work, until it stops working (it will stop working if I logout - I presume she means quitting TB), and then I gather it will be necessary to goto password.aol.com, sign in with that email account, generate a password, and use that password when TB asks for it. TB can memorize it if I check the Save In Password Manager box.
So its not really a "one time" PW ??? Note what it says: "App Password If you don’t normally use a password to sign in to your Aol account, here’s where you can generate a password for 3rd-party apps that require passwords."
Seems like they are just generating an "ordinary" password and having the user assign it to the app. So the opposite of the usual way of having the user generate the PW and then type it into their app AND the AOL webpage.
So this warning email about doom on Dec7 (and who is the idiot who picked THAT date ???) boils down to "you are going to need an ordinary password because we think our server is accepting requests without requiring any password at all and we are going to fix that." ???
I am guessing that when you set up a NEW account, that one-time popup in TB asking for the password automatically puts the PW into the PW Manager?
Side note: logging into the password.aol.com page did not accept the PW I use with TB. Odd. Maybe years ago I used a different one? But how can the email server accept a different PW than the website? Just weird. Legacy from verizon handover of email services?
Anyway I had to use Forgot PW, and generate a new PW. This got me into the AOL web page. It also is now the PW I need to use with TB to get/send mail.
However the old PW is still in the TB password manager. But why has TB always asked me to input it by hand, the first time I get or send mail, every time I restart TB ? Its in the PW Manager, but not being utilized???
Oh, different mailboxes. Odd that today suddenly using the aol server for smtp, but still using the verizon server for pop. Maybe either would work, but their webpage still says to use verizon for both:
smtp://smtp.verizon.net (smtp://smtp.verizon.net) is from 2014 smtp://smtp.aol.com (smtp://smtp.aol.com) is from today, with the new PW
there is no corresponding 2014 dated saved pop address or PW mailbox://pop.verizon.net (mailbox://pop.verizon.net) is from today, with the new PW
And just FYI: oauth://login.yahoo.com (mail-w) has a PW that must be 3x16 digits long. But aol & yahoo are the same mega-corporation...
Modified
So she claims that TB will not choke on having two email accounts with identical identification. However, she cannot tell me how to copy or move the emails from the old to the new.
OTOH she claims that my existing account will work, until it stops working (it will stop working if I logout - I presume she means quitting TB), and then I gather it will be necessary to goto password.aol.com, sign in with that email account, generate a password, and use that password when TB asks for it. TB can memorize it if I check the Save In Password Manager box.
So its not really a "one time" PW ??? Note what it says: "App Password If you don’t normally use a password to sign in to your Aol account, here’s where you can generate a password for 3rd-party apps that require passwords."
Seems like they are just generating an "ordinary" password and having the user assign it to the app. So the opposite of the usual way of having the user generate the PW and then type it into their app AND the AOL webpage.
So this warning email about doom on Dec7 (and who is the idiot who picked THAT date ???) boils down to "you are going to need an ordinary password because we think our server is accepting requests without requiring any password at all and we are going to fix that." ???
I am guessing that when you set up a NEW account, that one-time popup in TB asking for the password automatically puts the PW into the PW Manager?
Side note: logging into the password.aol.com page did not accept the PW I use with TB. Odd. Maybe years ago I used a different one? But how can the email server accept a different PW than the website? Just weird. Legacy from verizon handover of email services?
Anyway I had to use Forgot PW, and generate a new PW. This got me into the AOL web page. It also is now the PW I need to use with TB to get/send mail.
However the old PW is still in the TB password manager. But why has TB always asked me to input it by hand, the first time I get or send mail, every time I restart TB ? Its in the PW Manager, but not being utilized???
Oh, different mailboxes. Odd that today suddenly using the aol server for smtp, but still using the verizon server for pop. Maybe either would work, but their webpage still says to use verizon for both:
smtp://smtp.verizon.net (smtp://smtp.verizon.net) is from 2014 smtp://smtp.aol.com (smtp://smtp.aol.com) is from today, with the new PW
there is no corresponding 2014 dated saved pop address or PW mailbox://pop.verizon.net (mailbox://pop.verizon.net) is from today, with the new PW
And just FYI: oauth://login.yahoo.com (mail-w) has a PW that must be 3x16 digits long. But aol & yahoo are the same mega-corporation...
Deeper into the app generation process AOL says: "Aol can generate an App password, a one-time password to use with just that app/service, instead of your normal password."
So it IS a one time PW.
Except later: "If you stop using Thunderbird, you can delete the app password here to remove Thunderbird's access to your account."
So it IS NOT a one time PW. Can't be if its retained in their system & needs to be deleted.
FireFoxSucks said
Dammit, that is NOT my chosen solution. The email presents that as the biggest box to click on & I did so unadvertantly. How do I un-choose the flag? Does not address any of my questions
Given you are acting on disastrously bad advice from a corporation that demonstrate a total lack of competence I am ignoring your questions because they are irrelevant. Do what yahoo tells you to and loose your mail. It is really that simple for anyone using a pop mail account.
Thunderbird should refuse to add a duplicate account. You have one, so adding it again is not something you should want to do. I have a duplicate for testing purposes, and it will work side be side without an issue. But it is not something most folks would want. Two copies of each email that comes to their account.
You continue to poke around app passwords and a load of other irrelevant stuff for reasons that escape me. So far you are mystified by how app passwords work. That is well beyond the scope of this forum. They are a passcode issued by the provider that will allow only a specific program to use it to access your account. They are based around the user agent string reported by the program accessing the mail account and off so little security, it is very easy for those who understand the process to make Thunderbird look like outlook to the mail server and side step the one application usage. But that is all irrelevant, you should be using oAuth as your authentication method. You really do not get to choose what you use. Your provider makes those decisions for you.
So keep talking to your support and paying for their advice, which is not very good it would appear. That is your right. But when they loose your mail do not post here asking for help pay them top fix the mess they have created.
I told you here https://support.mozilla.org/en-US/questions/1357462#answer-1458552 change the authentication method used. DO it and the matter is closed. but you appear to have spend an inordinate amount of time on this because your provider and you are not interested in fixing a minor issue. Recreating your account is about the worst thing you could do. Now I am done here. If you do not want my advice, and as you are not taking it you obviously do not want it. I have other things to do.
" you should be using oAuth as your authentication method. You really do not get to choose what you use. Your provider makes those decisions for you."
So which is it, I can or cannot change to OAuth? AFAIK the IP determines connection parameters. Why would OAuth function to keep my email working beyond Dec 7?
You really don't get to choose unless your provider offers multiple methods. Am I that hard to understand. Or are you being some sort of hair splitter.
Because oAuth is the preferred authentication method of the yahoo group It is supported by them. Normal password as they have emailed you is not going to be supported going forward. They do offer application passwords, but this is not a preferred method, it is a fallback for applications that are so old they do not support oAuth.
"Because oAuth is the preferred authentication method of the yahoo group It is supported by them. "
But this is coming from AOL, not Yahoo. Yes they and Verizon are part of the same mega corp, but AFAIK they have not consolidated their email backends. Nothing in the AOL help files mentions oAuth.
Is oAuth a proprietary thing by Yahoo or someone, or is it a new "standard" protocol that should work with any IP ?
Modified
FireFoxSucks said
"Because oAuth is the preferred authentication method of the yahoo group It is supported by them. " But this is coming from AOL, not Yahoo. Yes they and Verizon are part of the same mega corp, but AFAIK they have not consolidated their email backends. Nothing in the AOL help files mentions oAuth.No they are doing a good job of obfuscation the realities. The truth is you are on a yahoo back end. Even if it is loaded on a server cluster named AOL. Thew email you have just received is work for word the same as the exceedingly poor information yahoo issued a year ago. I might point out the engineer involved in yahoo and AOL oAuth for Thunderbird was the same person and that was years ago now.Is oAuth a proprietary thing by Yahoo or someone, or is it a new "standard" protocol that should work with any IP ?see https://oauth.net/2/ It is primarily a web authentication protocol, but with Yahoo, AOL, google and outlook all adopting it for mail it is being shoe horned into mail, despite requiring a browser window and cookies to work.
OK, I can change the authentication to oAuth. "Next attempt to get mail and be taken through the oAuth authentication process." What should happen? Before I start clicking I want to know if its going sideways.
An interesting and simple solution posted by Matt; thanks! I'm having a similar issue; after the password "upgrade", all seemed to be OK. It just took more than a day to restore all of the AOL inbox to Thunderbird inbox (lots of emails). But the "sent" folder won't sync. Neither did the default trash folder. Some local folders did, some didn't. Drafts folder disappeared. All filters to route incoming mail to specific folders are gone. So, went looking and found this thread. Currently, both incoming and outgoing are set to normal password. Before I tried Matt's solution, I checked: the oAuth option appears for incoming, but does not show for the outgoing server. Any ideas?
An additional piece of info; the sent folder is working, that is, all newly sent email is in the folder. It just doesn't sync with the AOL sent folder. And the server settings are the same as before (POP for incoming, SMTP for outgoing)