Sequence of steps to set up Gmail with 2-factor authentication and Thunderbird
The instructions on interfacing Gmail and Thunderbird are fragmented across Thunderbird Help and Gmail Help and the respective community forums, and are in some cases contradictory. What is especially hard to figure out is the sequence of steps to perform. In case helpful, I am posting here what worked for me. I was adding one Gmail account to a Thunderbird already set up with one non-Gmail account, on Windows 10 PC.
(1) Enable IMAP in your Gmail account. a. NOTE: Some online instructions claim this is automatic in new Gmail accounts, but this is not the case. If you do not have IMAP enabled and go through with the Thunderbird setup, your account may appear to be set up in the Thunderbird interface, but you will keep getting an error message when it contacts Google: “Current operation on Inbox did not succeed, Mail server for account responded unknown command”
b. Steps to enable IMAP i. In the Gmail account, click on the gearwheel icon in the top right and select Settings ii. Go to the tab “Forwarding and POP/IMAP” iii. Go to IMAP Access and check if IMAP is enabled. If not, click Enable IMAP iv. Go to the bottom and click Save Changes
(2) Set up 2-factor authentication in your Gmail account a. NOTE: Unless you set up 2-factor authentication first, you will not be able to obtain an App-specific password which you will need to enter when you create your Thunderbird account
b. Steps to enable 2-factor authentication i. In Gmail, go to My Account>Sign-In and Security>Signing into Google. Go through the steps to set up 2-factor authentication.
(3) Set up an App-specific Password a. NOTE: I haven’t found any other way to get the the App passwords page except the one described here. Any better methods appreciated.
b. Steps to set up the App-specific password i. In Gmail, go to click on the gearwheel icon in the top right and select Help. ii. Search for "App specific password". iii. Click on "Sign in using App specific passwords" iv. Click on "How to generate an App specific password" v. Click on the link provided for the App passwords page. The link is https://security.google.com/settings/security/apppasswords vi. Select Mail from the dropdown for Select App, and select your Computer from the Select Device dropdown. Click Generate and you will see the 16 letter code that is your App-specific password. Note it down carefully (to be shredded as soon as setup of Thunderbird is complete). vii. Your App-specific password page should now read as follows: Mail on my Computer, created at [Time], and under Access there should be a button Revoke. Remember this in case you ever want to remove Thunderbird Access. viii. Log out of Gmail and close the browser.
(4) Set up your Gmail account in Thunderbird a. Open Thunderbird and go to the icon of horizontal stripes in the right top corner. Pull down the dropdown and click on Options>Account Settings. b. Go to the bottom of the left panel of Account Settings and click on the dropdown “Account Actions”, then click on Add Mail Account c. Go through the steps as Thunderbird automatically configures your account noting the following points. i. Enter the 16 digit code for your App-specific password and make sure Save Password is checked (this is the default) ii. When your browser opens at your Gmail account, enter your Gmail password iii. After setup is completed, in the Account Settings for your Gmail account, in Server Settings>When I delete a message, Google recommends clicking Just Mark it as Deleted, which is different from the automated configuration Thunderbird set up – fix this. iv. Verify that for both Server Settings and the Gmail SMTP server, Authentication Method is set at OAuth2. Thunderbird should have configured this automatically, and this is important for working with Gmail. It should be correct, and you're all set. v. Click OK to close Account Settings
(5) Remove redundant passwords from Thunderbird a. NOTE: 3 passwords may be saved by the above process, but only 1 is needed. This step removes the redundant passwords to improve security.
b. Open Thunderbird and go to the icon of horizontal stripes in the right top corner. Pull down the dropdown and click on Options>Options. c. In the Options dialog, click on the Security tab and then on Saved Passwords d. You may see 3 passwords for the Gmail account (for gmail sites starting with imap, oauth, and smtp, which will be used as nicknames below). If so, delete the "imap" and "smtp" passwords to enhance security. Keep the "oauth" password which is all I found I need.
i. NOTE: I found when you click on Show passwords, the "imap" password showed the 16-digit app-specific password, the "smtp" password showed the Gmail account password, and the "oauth" password showed a hashed or encrypted password. Since the "imap" and "smtp" passwords are not needed, it is more secure to only have the "oauth" password
(6) Consider if you want to set up a Master Password in Thunderbird a. NOTE: Your saved password will permit seamless access to Gmail from your computer. Thunderbird does not seem to work with Gmail without saving the password. If the password is not saved, Thunderbird will hang up instead of prompting to enter your password, as with some other email providers. If you want to control access to Gmail from your computer, consider adding a Master Password in Thunderbird.
b. For instructions how to set up a Master Password in Thunderbird, go to Thunderbird Help.
Izmjenjeno
Svi odgovori (8)
Any reason you're not using OAUTH2?
Zenos said
Any reason you're not using OAUTH2?
Hi Zenos, Indeed I am using OAuth2. I specified in the instructions just to verify that OAuth2 is being used since this is an issue that has been mentioned on the community board. Sorry if that isn't clear. I will rephrase a bit to try to make it clearer.
RE: NOTE: Unless you set up 2-factor authentication first, you will not be able to obtain an App-specific password which you will need to enter when you create your Thunderbird account.
If you are not using another device like a phone to access gmail, then you do not need to set up a '2 step verification' . So you would not need an app specific password. This is only needed if you intend to use something in addition to Thunderbird eg: a phone.
So if you do not use a phone and just need Thunderbird to get access then select the gmail account option to use 'Less Secure apps' and use you normal password - the one you use to access webmail.
Once mail account is created, it will ask you to logon to google using normal password and then a special password will be created and added to the stored passwords, this is used to access via OAuth2.
Izmjenjeno
re :Open Thunderbird and go to the icon of horizontal stripes in the right top corner. Pull down the dropdown and click on Options>Account Settings.
This is one way of adding a new existing mail account, but you can use any of these methods: Via 'Menu Bar'
- 'File' > 'New' > select: 'Existing mail account'
Or Via Mail Toolbar:
- 'Menu icon' > 'New Message '> select: 'Existing mail account'
Two clicks and you have already opened the necessary window to create a mail account. So you do not have to do this by opening Account Settings first, although that method is perfectly ok.
Toad-Hall said
If you are not using another device like a phone to access gmail, then you do not need to set up a '2 step verification' . So you would not need an app specific password. This is only needed if you intend to use something in addition to Thunderbird eg: a phone. So if you do not use a phone and just need Thunderbird to get access then select the gmail account option to use 'Less Secure apps' and use you normal password - the one you use to access webmail. Once mail account is created, it will ask you to logon to google using normal password and then a special password will be created and added to the stored passwords, this is used to access via OAuth2.
Hi Toad Hall, Thank you for pointing that out. Indeed the process is much simpler for people who are not using 2-factor authentication to access their gmail account. With the amount of email hacking that goes on these days, it is often recommended to use 2-factor authentication to enhance the security of one's account, and I hope the way I wrote up the process for setting up the account with 2-factor authentication is helpful in that case.
Toad-Hall said
re :Open Thunderbird and go to the icon of horizontal stripes in the right top corner. Pull down the dropdown and click on Options>Account Settings. This is one way of adding a new existing mail account, but you can use any of these methods: Via 'Menu Bar'Or Via Mail Toolbar:
- 'File' > 'New' > select: 'Existing mail account'
Two clicks and you have already opened the necessary window to create a mail account. So you do not have to do this by opening Account Settings first, although that method is perfectly ok.
- 'Menu icon' > 'New Message '> select: 'Existing mail account'
Hi Toad Hall, Thank you so much for pointing out there are those menu and toolbars. In years of using Tbird I never figured that out and was often mystified how to do things. I now have the menu bar up !
What if your company's email administrator (using Google) has removed the ability to generate application specific passwords? Can Thunderbird use another technique for the two-step process?
The answer has already been given in this thread: https://support.mozilla.org/en-US/questions/1131530#answer-898522
Using OAuth2 authentication for Gmail eliminates the need for app passwords.