When Mozilla released Thunderbird 38 (38.0.1) on June 11th one of the new features was being able to use GMail within Thunderbird without having to go into your GMail account and enable the ‘less secure authentication’. Problem is, how to enable this feature in Thunderbird is poorly documented. After some searching, I found the answer in an unlikely place…the comments on the article from The Mozilla Thunderbird Blog announcing Thunderbird 38:
In an existing GMail account, you can switch the “Authentication Method” from “Normal Password” to “Oauth2″ (in both the IMAP and SMTP setup separately). Connection security should be SSL/TLS. If by “application-specific passwords method” you mean Google’s enabling of traditional IMAP passwords using their “less secure authentication” option, yes you can do away with that on an account using OAuth2 authentication.
From within Thunderbird go to Tools > Account Settings. Select the account you want to work with and go to Server Settings. For Authentication method click the dropdown arrow and select OAuth2. You will also need to repeat this process for outgoing (SMTP).
While in the Account Settings windows, on the left side select Outgoing Server (SMTP) then find and select your Google Mail SMTP account and click Edit… In the Security and Authentication section for Authentication method click the dropdown arrow and select OAuth2. Click OK and OK again to exit the Account Settings window.
Note: The software I use for screen capture only does the active window and cuts-off anything outside of that. After Kerberos / GSSAPI is NTLM then OAuth2.
I have not tried to test this as all my GMail accounts are so old I didn’t need to enable the “less secure authentication” option.