XP user, prior version user, OAuth2 chokehold - help!

[Bill_Texas]

This message is directed for those who are great enough to help rather than lecture about using XP or old versions. My reason for XP and using POPP 4.5 there are well reasoned, and if you can aid me, thank you, as I would or will do for you sometime. I have great fondness for Pop Peeper and Jeff.

If using POPP on my desktop XP becomes impossible, then it is what it is and I'll shift all email usage to my Win 7 desktop, which has consequences but if I must, I must. If staying on 4.5 is impossible on my XP, I don't believe an upgrade will work, due to various crippling issues that have accompanied software updates for that machine. In particular, IE is nonfunctional; Firefox 5 is next to unusable (and new versions simply won't run). I limp by with an old version of Opera. (I even ceased Microsoft updates many years ago because they caused more problems than benefits.) Believe me, I've attempted updates, and they either conflict with DLLs or chew unmanageably too much RAM or GDI or CPU itself (generally all 3). Maybe POPP 5 will work on that machine with limited resources and memory, but through no fault of the company, it may be too much to bear on THIS XP box. I fear that attempting v. 5 will fail, and then I'll lose any chance of POPP on my XP box.

If you're scowling or rolling your eyes, save it. I DO have current Firefox and up-versioned POPP on non-XP machines. For reasons, I wish to keep XP going, so thanks in advance for assistance.

My setup is several hotmail.com, outlook.com and one live.com accounts.
-> Each is IMAP; SSL/TLS; imap.outlook.com; 993.

I really do NOT want to give my cell number to Microsoft (which between us girls is surely part of why this whole thing is being done by them), if I can be walked through the way to avoid that. (It is possible; I once did it on a Win 10 work machine using Outlook email proper, though it took me a couple of hours to figure it out, using a 3rd party aid.)

HERE IS WHAT I GET NOW on XP: after selecting an account and F2, when I click the OAuth2 *button* (not a dropdown on 4.5): what looks like an Internet Explorer style dialog, which always says "Navigation to the webpage was canceled."

I put POPP 4.5 on a Win7 machine. Pushing the button does additionally give me a box asking me if I mind deleting and reauthorizing credentials; I click yes, and type in the live.com account email password in the Microsoft box and click "Sign in" button; but just get a flash of something, and I'm back to the F2 account edit screen, and nothing has changed.

Every account has worked up until now(though some intermittently, not logging in sometimes, at least the Hotmail ones). Today, early the morning of 16 Sep 2024, the big ScrewYouWe'reMicrosoft day, so far I'm able to access a live.com and hotmail account.

[Bill_Texas]

To clarify
- I really want to keep running PP on XP, but I don't think PP 5 works there. XP with 4.5.0 would be awesome (even if Microsoft is fighting to stop me. They know what I want better than I do).
- As described earlier, clicking the OAuth2 button on that XP box, with 4.5.0, seems hopeless.

- If I have to use W7, will 4.5 work? Right now it's refusing to accommodate.

- For whatever I end up using, can I get directions on avoiding using a cell phone?

The rest here is for a forum expert. I wish I could make the rest here italics and tiny:
(By the way, bold, italics etc. icons are all gray. Even "tiny" font seems to do nothing. BBCode says on. Firefox 130, NoScript trusting esumsoft scripts)

[Jeff]

Use an app password.
https://www.esumsoft.com/news/notice-gm ... peeper-v4/

[Bill_Texas]

Thank you for the response and suggesting app passwords. Google says "App passwords can only be used with accounts that have 2-Step Verification turned on." Durn, I don't WANT 2 factor even though I.T. people insist that I will die of some virus if I don't.

But if I'm being forced ... I recall that I set up 2 factor on another device by using Google Authenticator and did not need a cell phone. So it seems I need to go account by account and do that. I suppose I'll somehow be using browser outlook.live.com to do them (each one are NON-gmail accounts). I hope I can find a stepwise guide or YouTube to know how to proceed and what comes next.

Is this going to work for 4.5 on XP? Just clicking the OAuth2 button is a dead end there now. And since Microsoft seems to be forbidding POP and IMAP (right?), I'll need to change those settings too I would think.

It seems neurotic that I'm clinging so hard to XP, but PP has been perfect, PERFECT on XP for literally decades, until MS declared jihad. I'm willing to go through a many-hour hell of learning and performing steps if I can keep "what ain't broke that they're fixing" with XP. But I don't think I can run PP 5 there.

[Jeff]

Each service will have different requirements for creating an app password. Just search for "<service> app password" and you should find it; e.g. for Outlook: https://support.microsoft.com/en-us/acc ... f2979a7944

I'm not going to guarantee anything for XP, but it should work; it's the same as using a regular password.

I'm not sure what you mean by forbidding POP and IMAP, but that is not the case. Oauth2 is not directly related to POP or IMAP, if that's what you're referring to. Oauth2 is just one of several methods of authenticating your login credentials that POP3/IMAP supports.

[Bill_Texas]

Perhaps this only applies to Exchange Servers. I'm talking over my head; I have zero IQ server understanding. My POP and IMAP concern is from the first sentence.
"We removed the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Autodiscover, Outlook for Windows, and Outlook for Mac.

We also disabled SMTP AUTH in all tenants where it wasn't being used.

This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication. For example, OAuth access tokens have a limited usable lifetime, and are specific to the applications and resources for which they are issued, so they cannot be reused. Enabling and enforcing multifactor authentication (MFA) is also simple with Modern authentication"

Also noted,
"Basic authentication is now disabled in all tenants.

Before December 31 2022, you could re-enable the affected protocols if users and apps in your tenant couldn't connect. Now no one (you or Microsoft support) can re-enable Basic authentication in your tenant.

Read the rest of this article to fully understand the changes we made and how these changes might affect you.

For many years, applications have used Basic authentication to connect to servers, services, and API endpoints. Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device"

Later,
"Note

The deprecation of basic authentication also prevents the use of app passwords with apps that don't support two-step verification"

All above is from
Deprecation of Basic authentication in Exchange Online _ Microsoft Learn
https://learn.microsoft.com/en-us/excha ... nge-online

[Bill_Texas]

Okay, I mis-"parsed" it. They're discontinuing Basic authentication for IMAP and POP, not discontinuing IMAP nor POP.

It's all very confusing. It came across to me at first as "if you use name/password to login, that will no longer work". That said to me that PP was toast. I'm still very confused by OAuth2, app passwords, and using Google Authenticator, and if they work with XP, or with earlier PP versions, so I've got a painful trial and error hell ahead.

[Jeff]

I do believe that Exchange servers may have different rules; e.g. I think that they shifted to the Oauth-required model a while ago. There is a section in the article you linked that's specific to POP3/IMAP, though it doesn't really shed any light. The part you mentioned about "also prevents the use of app passwords with apps that don't support two-step verification" *may* not be relevant. Usually, providers make special concessions for email because it's not practical to use 2-step verification.

Let me know if it doesn't work. That being said, unless Outlook really doesn't allow app passwords to work anymore, it's not that much more difficult than just using a password.

[Bill_Texas]

Sorry to delay reporting back as I had to set aside time to set up numerous accounts (and catch up on emails, since they stopped retrieving 27 September 2024).

I was not able to resuscitate any hotmail, outlook or live.com accounts on XP. Clicking the OAuth2 just gave "Navigation to the webpage was canceled" on the "form above to log into you account and allow POP Peeper access." (Clicking retry button gives "This program cannot display the webpage") (FWIW, this was on an old version of POP Peeper on XP that I do not want to upgrade).

However I was able to get all accounts to work on Windows 7, PP 4.5, by in each case creating an account with IMAP and clicking the OAuth2 button, which displays the "Microsoft form", and entering the password for the account, clicking "Accept"(a couple of them did not offer the "Accept" dialog but worked), clicking Update, and bam, Pop Peeper works to retrieve messages.

It couldn't have gone easier (on Win 7), no phone number needed, just the password, and the nifty OAuth2 button. Thanks for the (as usual) fine programming.

[The failed form on XP "looks like" it's trying to load using Internet Explorer (I'm thinking I once specified that as a default browser for PP?). Anyway if so, it's IE8 which I only use it for desperation situations; an old Firefox version is my default browser there, and I primarily use an old version of Opera there. I still might be able to use XP if I could just load that form.]

I have reasons for hanging on to old hardware and software, which would be difficult to explain to those who simply always upgrade, and are convinced that anything else is summarily silly/unsound/unsafe. I just say, bless their hearts.

P.S. I don't use gmail in PP; I understand it is different and requires a PP upgrade at minimum. I read the page you linked for me and it's extremely clear, if I ever go that route.