How I made x-notifier work for me

sabaysal's picture
Submitted by sabaysal on Fri, 04/01/2016 - 20:46

Forums:

Firstly, I should thank the author for this wonderful extension. It's hard work, and with firefox being as customizable as it is, something is bound to break only too often. Sometimes you can search and find how to troubleshoot, sometimes you just give up. That being said, I would like to share what I've learnt from experience about gmail, outlook and yahoo.

1. x-notifier works sessions and cookies, ie creates sessions with saved passwords and also saves the cookies for quick checks.

2. app passwords do not work with x-notifier, you have to use normal passwords, if you're lucky(!) it'll ask for your 2-factor-authentication password once, and if you're still lucky, never again. if not, it'll ask for it whenever the browser restarts (4 gmail accounts, all with 2FA, only 1 has this behaviour)

3. disabling 2FA, having x-notifier check for email and succeed, enabling 2FA again will probably solve any 2FA related misconfiguration, only until some seemingly unrelated setting is changed, then even if the change in settings is reversed, x-notifier can't solve it on its own, you have to go through the disable 2FA, check email, enable 2FA cycle one more time.

4. firefox should remember history, or at least accept cookies until they expire.

5. troubleshooting algorithms start with adding the extension and then the problem account to a new profile, and works its way through if it works with that profile. if it doesn't, there's no info about that. the thing is, if it doesn't work with a new profile, it's probably related to the security settings of the account itself, which x-notifer can do nothing about.

 

neil's picture

neil

Sat, 04/02/2016 - 08:05

Hi Sabaysal. It's a good review.

Would you say that you're describing a problem that sometimes occurs with Gmail 2-factor-authentication?  And the reason for your message is to offer a procedure for eliminating the problem?

I don't know if this tobewithu-webpage will allow you to edit the title of your original message or not.  As your message is listed with all the other threads, it would help to rename it with something more specific and descriptive, such as "Gmail 2-factor-authentication."  For instance, there are a few problems running around X-notifier at the moment, and your title suggests that you found the answer to all of our problems.

2-factor-authentication has certainly been mentioned in these threads, so recommendations for getting X-notifier to work with it is appreciated.  You mentioned 1 out of 4 gmail accounts that was especially bothersome.  Please let us know if you were able to get it down to 0 out of 4; thanks.

-neil-

sabaysal's picture

sabaysal

Mon, 04/04/2016 - 23:06

I have 2 yahoo, 2 outlook, 4 gmail accounts with 2FA. All of them use sms/call or email for 2nd password. In addition they may use some kind of app to generate a second password. With yahoo, you need to install yahoo mail app on your phone (apparently this mobile app authorizes you with one tap). Gmail presents you a qr code, which you can use to match your account to you 2FA app (e.g. google authenticator or authy or some other app). it's usually time based, i.e. doesn't work if time settings in your phone are not correct. Outlook does use google authenticator if correctly set up, but prefers an app called "microsoft account" for android devices. this app can authorize you with one tap or it can generate 2nd passwords if required.

if I suddenly become paranoid about security, I may clear my browser's cache, history and cookies. this will sign me out of anything I've signed in, including xnotifier's sessions. this will ask for new 2FA passwords (after sign-in) for every applicable account.

if I suddenly become paranoid about the security of a particular account, I may go to account preferences page for that account (https://myaccount.google.com/, https://account.microsoft.com/privacy, https://login.yahoo.com/account/personalinfo) and sign myself out of any one session or all sessions, which may also include mobile browsers and apps and games. this will ask for new 2FA passwords if I sign in again. the account preferences pages usually display last login timestamps and location info for sessions and also the time any specific app-password was last used (app passwords I did generate for xnotifier were never used) (gmail and yahoo can revoke app passwords one by one, outlook can only revoke all of them).

(all these are methods to secure your account without changing your password. yahoo, gmail or outlook may require you to change your password/review sign-in attempts/validate yourself even if 2FA is turned off, if sign-in attempts seem to be originating from unknown locations, regardless of valid cookies or known browsers.)

these changes will expire old cookies and generate new ones, but this would not pose any problem if not for 2FA because passwords are already saved in xnotifier. yet new cookies cannot be generated if browsers/sessions cannot be validated through 2FA, which xnotifier sometimes fails to acknowledge in its user-interface. it seems one cannot ask for more security and still check one's emails without much hassle.

after disabling 2FA, checking email with xnotifier, enabling 2FA in my accounts, all of them can check and show new email. 2 most used accounts, 1 gmail and 1 outlook still had glitches (suddenly stopped working after a few checks). outlook was solved with using microsoft account instead of google authenticator. microsoft account does not give a numeric 2nd password to type in (unless you ask for it), you just a tap on a notification in your android phone. after 1-2 authorizations, xnotifier checks and shows inbox count without needing 2FA. the gmail account still asks for 2FA password with every browser restart or any change (like adding an account) in xnotifier settings that forces every account to check again. I think I can live with this much hassle.

"use multiple login" and "keep session for links" need to be checked and stay checked in settings. when I experimented with combinations of them on or off, some accounts stopped working when unchecked and did not work again even if changed to checked again.

even if the xnotifier shows an account as working/signed-in, clicking on the account may not take you directly to your email, but require you sign-in again. sometimes it's the other way around, the account is greyed out, the number of emails is not shown, but clicking on it will take you to your email, no password asked (in such cases, clicking on the account to check email, signing out, signing in again will fix the greyed out account and show the number of emails). if auto-login default account is checked, xnotifier may take you to the default account instead of the one you clicked. it's confusing, at best.

manually checking an account in a non-xnotifier generated tab and seeing if you are directed to any arbitrary pages before you are taken to you email (as referenced for yahoo below) is worthwhile if you're sure you haven't been messing with cookies yet xnotifier suddenly stops working for a particular account.

FAQ says multiple login has xnotifier copy cookies to browser. I wonder if xnotifier can copy cookies from browser to itself. it could potentially solve many problems we're having.

jeroen's picture

jeroen

Sat, 04/02/2016 - 08:41

Yes, I agree: very helpful effort from sabaysal gathering these possible solutions.

@neil: Your original post offers a View and an Edit tab, allowing you to edit the Subject (title). See for yourself: http://xnotifier.tobwithu.com/dp/node/2843