What are some respected internet security experts opinion on oAuth's security or privacy, right now - not what it may be in the future? Do its current downsides outweigh advertised benefits? ATT touts that oAuth encrypts UN / PWs. Isn't that what TLS does? I don't think Thunderbird sends login data in clear text. My main questions are about oAuth - security, privacy. I've read a good bit on it. Like all things internet, it's had its security problems. I'm not sure if oAuth increases real world security over a (longer) random char PW in Tbird. If Tbird solves the oAuth issues w/ yahoo / ATT, I don't know whether to use oAuth or a good random PW. AT&T is changing requirement for email CLIENTS (only) to use oAuth. Or, if you don't use an oAuth compatible client, AT&T generates a 16 char "secure mail key," which will replace (my current 24 char) server PW. Not sure how reducing PW length increases security. Fortunately, I don't use ATT email for anything important or private. I use Tbird 68.1 - Linux. My understanding is Tbird is oAuth compatible, but NOT w/ yahoo / ATT (yahoo provides ATT's email service). I forgot the finger-pointing reasons given why Tbird won't work. There's a Yahoo / oAuth selection in Tbird for type connection, but I've read there are problems on ATT / Yahoo & it's not listed as a compatible client. Apparently, new or replacement keys can only be generated by ATT, You copy to clipboard or write down. I'm not thrilled about them issuing my PW or reducing the length. Special chars have never been allowed. Probably issuing PWs to stop use of easy dictionary word PWs. If I've overlooked important points, please let me know. Thanks.