OAUTH Problem (Gmail or Yahoo)
• You are unable to authenticate using your username and password and your provider is Gmail/Yahoo, and a SoftRAID error dialog indicated that the problem is OAuth-related.
• In order to verify if this is your problem, you will have to:
– Log in to your email inbox
– Look for an email from your mail provider (Gmail/Yahoo) that begins as in these examples:
Subject Line: Review blocked sign-in attempt
Google just blocked someone from signing into your Google Account
firstname.lastname@example.org from an app that may put your account at risk…
Subject Line: Sign in attempt prevented
Your account is currently not enabled to sign in from apps, that do not meet
modern security standards (ex. Older versions of mail and calendar apps such as
Outlook). As a result, we prevented a sign in to your Yahoo account…
Google and Yahoo have adopted a new security protocol (OAuth 2.0) that by default, disrupts most desktop mail applications, SoftRAID included. Apple, however, has not implemented Oauth 2.0 for security reasons, so we are not going to support OAuth until Apple does. If SoftRAID’s email notifications fail for this reason, you will receive an email that indicates as much. This email includes instructions for resolving the problem.
The instructions to fix this issue are contained in the email Gmail sent you (along with scary warning text!)
In this email you will see the following sentence and link:
You can continue to use this app by allowing access to less secure apps
Click on this link to change your Gmail settings to allow access for less secure apps.
Similarly, Yahoo includes instructions to fix this issue in the email they sent you:
Go to https://login.yahoo.com/account/security#other-apps and turn on the setting labelled: “Allow apps that use less secure sign in.”
Click on this link to change your YAHOO settings to allow access for less secure apps.
Less Secure Apps! What’s that? Is it dangerous to change? (Hint: No)
Despite the alarming warnings, SoftRAID is not actually any “less secure” than any other mail client. As long as you are connecting with SSL or TLS, all communication with your mail server is encrypted, and safe from intrusion. The forced adoption of OAuth 2.0 is something of a political matter, disguised as a security issue. Even the original author of OAuth 2.0 now disavows the current implementation of OAuth 2.0, and its heavy-handed deployment by Google, Yahoo and Facebook. Check out the author’s blog post for more info, or one of the many news stories summarizing his blog post: