[NJTechDiv] FW: [NFBCS] FW: multi factor authentication

carcione at access.net carcione at access.net
Sat Jul 13 20:55:00 UTC 2024 

OK.  I knew Curtis was talking with you, but thought Steve had a different perspective.
If you get a resolution, please say what you did so I can share it with the CS list.  People are interested.
Tracy


-----Original Message-----
From: NJTechDiv <njtechdiv-bounces at nfbnet.org> On Behalf Of Mario Brusco via NJTechDiv
Sent: Saturday, July 13, 2024 4:35 PM
To: Tracy Carcione via NJTechDiv <njtechdiv at nfbnet.org>
Cc: Mario Brusco <mrb620 at hotmail.com>
Subject: Re: [NJTechDiv] FW: [NFBCS] FW: multi factor authentication

Tracy, my issue is not about establishing and using multi factor authentication (MFA), I just forgot to change the subject to a more appropriate subject to reflect my real issue.

And received a response from Curtis Chong, and have been discussing my issue a bit.

-------- Original Message --------
From: Tracy Carcione via NJTechDiv [mailto:njtechdiv at nfbnet.org]
Sent: Saturday, July 13, 2024 at 3:47 PM
To: 'New Jersey Technology Division List' <njtechdiv at nfbnet.org>
Cc: carcione at access.net
Subject: [NJTechDiv] FW: [NFBCS] FW:  multi factor authentication Mario, here is a detailed answer from the CS list.
Tracy


-----Original Message-----
From: NFBCS <nfbcs-bounces at nfbnet.org> On Behalf Of Steve Jacobson via NFBCS
Sent: Saturday, July 13, 2024 3:43 PM
To: NFB in Computer Science Mailing List <nfbcs at nfbnet.org>
Cc: Steve Jacobson <steve.jacobson at outlook.com>
Subject: Re: [NFBCS] FW: [NJTechDiv] multi factor authentication

Maybe this is obvious, but OAUTH2 is a protocol that has been used by GMAIL for a year or more now.  It is not the same as two-factor authorization.  For email clients that support it, an app-specific password is not required for GMail.  However, the process to make this work can be confusing.  I am assuming that HotMail is asking that OAUTH2 be used from the note that has been forwarded.

First, the email client being used has to support OAUTH2.  I would think this would be supported by Thunderbird, but if an old version is being used, it may not have this support.  This needs to be checked and Thunderbird might need to be updated to get OAUTH2 support.  I am not a Thunderbird user, so I do not know if or when such support was added. 
 From the email that was forwarded, though, it almost sounds as though the user's version of Thunderbird is supporting OAUTH2 but that is not handling something correctly.  Again, it might be necessary to upgrade to the latest version.

Second, what happened when I used this protocol for Gmail was that  I was routed to the Gmail log in page when I connected for the first time. 
  I had to enter my user-id and password, and I may have had to acknowledge I was establishing an OAUTH2 connection with my email client.  If the page one is connected to requires two-factor authorization, one might have to deal with that to establish the connection for the first time.  To be clear, if one is using Thunderbird to connect to HotMail, one should get connected to the Hotmail web page. 
  When this is done once, the email client should connect as usual without you needing to do this again.  There may be cases that credentials are requested again, but this doesn't happen often.  From the email that was forwarded, it doesn't sound like the user is getting automatically connected to the HotMail page that needs to happen to create the HotMail connection the first time.  Make sure that a web page isn't opening in a separate window.  One could easily think something opened by accident and close the window, not realizing the process was being cancelled.  Also, I have found that this process can time out if one doesn't act quickly enough.  Be sure the newer address given still supports POP.  Also, I don't know how Thunderbird knows when to make
OAUTH2 available as a choice, but I wonder if some incorrect assumptions are being made since this is a new process.  I also didn't think I had to authenticate for both the receiving and sending server, but this could be handled differently depending upon the email program.

I am not an expert in this area but hope the above is of some help.

Best regards,

Steve Jacobson

-----Original Message-----
From: NFBCS <nfbcs-bounces at nfbnet.org> On Behalf Of Nancy Coffman via NFBCS
Sent: Saturday, July 13, 2024 1:53 PM
To: NFB in Computer Science Mailing List <nfbcs at nfbnet.org>
Cc: Nancy Coffman <nancy.l.coffman at gmail.com>
Subject: Re: [NFBCS] FW: [NJTechDiv] multi factor authentication

gongle also has a setting called "allow less secure apps". You may need to check for something like that. The Microsoft Disability Answer Desk may be able to help.
Nancy Coffman

On Jul 13, 2024, at 10:41 AM, Curtis Chong via NFBCS <nfbcs at nfbnet.org>
wrote:

Hello:

I think we all need more information. I reached out to Mario asking to see the original email sent by Microsoft. Somehow, I don't think this is as simple as simply turning on two-factor authentication. Google has been on this path for quite a few years now, and for legacy applications, it forces you to create what it calls an app-specific password. Verizon.net also forces creation of an app-specific password. I am wondering of Microsoft is doing the same with Hotmail.

Cordially,

Curtis Chong


-----Original Message-----
From: NFBCS <nfbcs-bounces at nfbnet.org> On Behalf Of Tracy Carcione via NFBCS
Sent: Saturday, July 13, 2024 6:16 AM
To: 'NFB in Computer Science Mailing List' <nfbcs at nfbnet.org>
Cc: carcione at access.net
Subject: [NFBCS] FW: [NJTechDiv] multi factor authentication

A person in our New Jersey Technology committee is having trouble adding 2-factor authentication to his Hotmail account, which Microsoft says he must do.  He is using Thunderbird for email.
His message is below.  Can anyone help?
You can write him directly at
Mario Brusco <mrb620 at hotmail.com>
Or I can pass on messages.
Thanks.
Tracy


-----Original Message-----
From: NJTechDiv <njtechdiv-bounces at nfbnet.org> On Behalf Of Mario Brusco via NJTechDiv
Sent: Friday, July 12, 2024 4:17 PM
To: njtechdiv at nfbnet.org
Cc: Mario Brusco <mrb620 at hotmail.com>
Subject: [NJTechDiv] multi factor authentication

On July 3, I received an email from Microsoft notifying me that it would be necessary for me to update the sign-in technology of my Hotmail account before September 16th, 2024 to maintain email access.

Since I use Thunderbird with my Hotmail account using POP:

Basically, what I need to do is to change the authentication method of the POP and SMTP server to use OAuth2. It seems to be straight forward, but I'm finding that it's not.

The instructions specify that the address for the POP server should be outlook.office365.com, but immediately I receive an error that a login to office365.com cannot be completed, and therefore I cannot continue with the rest of the instructions. If I leave the address as POP-mail.outlook.com, I can then choose OAuth2 for the authentication method, and continue with the rest of the instructions.

Now, the SMTP server should be SMTP-mail.outlook.com, but there is no choice of OAuth2 for authentication. However if I change the address to SMTP.office365.com, I can choose OAuth2 for the authentication, but when I press the OK button, I receive an error that the login to smtp.office365.com cannot be completed.

The resource that started this mess is:

https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-an
d-thun derbird-202#w_changes-to-authentication

I would appreciate any help as to what the server addresses and other settings if warranted should be. I'd like to get this done as soon as possible so retrieving and sending email from me continues after 9/16/24.

_______________________________________________
NJTechDiv mailing list
NJTechDiv at nfbnet.org
http://nfbnet.org/mailman/listinfo/njtechdiv_nfbnet.org
To unsubscribe, change your list options or get your account info for
NJTechDiv:
http://nfbnet.org/mailman/options/njtechdiv_nfbnet.org/carcione%40acce
ss.net


_______________________________________________
NFBCS mailing list
NFBCS at nfbnet.org
http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
To unsubscribe, change your list options or get your account info for NFBCS:
http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/chong.curtis%40gmai
l.com


_______________________________________________
NFBCS mailing list
NFBCS at nfbnet.org
http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
To unsubscribe, change your list options or get your account info for NFBCS:
http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/nancy.l.coffman%40g
mail.com

_______________________________________________
NFBCS mailing list
NFBCS at nfbnet.org
http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
To unsubscribe, change your list options or get your account info for NFBCS:
http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/steve.jacobson%40outlook.com
_______________________________________________
NFBCS mailing list
NFBCS at nfbnet.org
http://nfbnet.org/mailman/listinfo/nfbcs_nfbnet.org
To unsubscribe, change your list options or get your account info for NFBCS:
http://nfbnet.org/mailman/options/nfbcs_nfbnet.org/carcione%40access.net


_______________________________________________
NJTechDiv mailing list
NJTechDiv at nfbnet.org
http://nfbnet.org/mailman/listinfo/njtechdiv_nfbnet.org
To unsubscribe, change your list options or get your account info for
NJTechDiv:
http://nfbnet.org/mailman/options/njtechdiv_nfbnet.org/mrb620%40hotmail.com


_______________________________________________
NJTechDiv mailing list
NJTechDiv at nfbnet.org
http://nfbnet.org/mailman/listinfo/njtechdiv_nfbnet.org
To unsubscribe, change your list options or get your account info for NJTechDiv:
http://nfbnet.org/mailman/options/njtechdiv_nfbnet.org/carcione%40access.net

More information about the NJTechDiv mailing list