Authenticating with Yahoo & AOL

The following instructions apply not only to Yahoo and AOL, but to other related providers such as AT&T and SBC Global.

It is important to note that using the target account’s main account password for basic (legacy) authentication is not allowed. You can perform basic authentication using an App Password, or modern authentication using the main account password.

Basic Authentication with App Password

You can authenticate Forensic Email Collector (FEC) by generating an App Password as follows:

Sign into the target account and go to the Account Security page at https://login.yahoo.com/account/security (or https://login.aol.com/account/security for AOL)
Click External connections > App passwords > Create app password
Give your App a name (e.g., FEC) and click Generate password
Copy the password to your clipboard using the Copy button
Follow the instructions below the password
Click Done
Use this App Password and the target email address to authenticate

Please review Yahoo’s support page for details.

Authenticating with AT&T

Similar to Yahoo and AOL, AT&T also requires that an App Password (or as AT&T calls it, a Secure Mail Key) be used to authenticate instead of the target account’s main password.

You can create a Secure Mail Key as follows: Create a secure mail key

Note: It is important to follow the Profile link in the above article (repeated below) as the Profile menu may be unreachable through AT&T’s webmail interface.

https://m.att.com/myatt/native/deepLink.html?action=Profile&appInstall=N

Once you follow the above link and authenticate, you should find the Manage Secure Email Keys menu toward the bottom of the page.

Modern Authentication

FEC can perform modern authentication against Yahoo / AOL. In order to enable modern authentication, please check the Use OAuth option when setting up the acquisition.

Please note that modern authentication does not require the use of an App Password. Instead, authentication is performed using the main account password.