To use Thunderbird to access your Gmail account, Google will tell you that you must allow “Insecure apps” in your Google security settings. However, since version 38, Thunderbird has supported Oauth2 with Gmail, so you don’t have to enable “Insecure apps”. Google just doesn’t tell you that.

Here I will show you how to change the authentication method on existing accounts from using a saved password, to using a key, namely Oauth2. It allows controlled access for an app, to a set of features that you allow. In this case it will be for just your emails, not your entire Google account like it does now.

In Thunderbird, go to Account Settings in the menu. Under the Gmail account that you want to enable Oauth2 for, go to Server Settings. Select Oauth2 from the drop down menu next to Authentication method.

Do the same for sending mail, by going to the Outgoing Server on the left side, selecting the Gmail account, and selecting Oauth2 from the drop down menu next to Authentication method.

Save the changes by hitting Ok.

Now that we’ve made the changes, we need to removed the saved passwords. Otherwise Thunderbird may keep on trying to use the old passwords. Go to your saved passwords at Preferences > Security > Saved Passwords.Next, restart Thunderbird.

When Thunderbird starts back up, it will show you a prompt for your password. This is actually a web portal that is asking for your user name and password to log in, so you can grant access to Thunderbird.

Go ahead and log in.

Once you have logged in, Google will ask for your permission to allow Thunderbird to access your emails.

Click “Allow” (otherwise this will have all been for nothing…)

And you’re done! Doing this once will enable both the incoming and outgoing emails to work.

Turn off “Allow insecure apps”

If Thunderbird was the only application that was logging in with your password, you should be able to go into your Google account security settings and change “Allow Insecure Apps” to off.