App paswords

Hi all,

I am new user in disroot (awesome service I have to say) and I am trying to configure Thunderbird to use IMAP using an app password but it does not work.
Is it possible to do it? or else is it planned to implement this feature also in email app?

Hi manu,
Glad you finaly contacted us. We have noticed that you have been trying to log in with wrong credentials the whole day. after you enter wrong credentials too many times, fail2ban kicks in, which means your access is blocked for about 600 sec.

Please verify again your username and password (your username without ‘’). You can find the rest of the imap setting at

This might be also useful:

Hi, same problem here. 2 factor authentication work like a charm, app password for nexcloud app works great, but for some reason can’t connect with app-specific password to k-9mail.

Tried with disable/enable 2 factor authentication and nothing, even wait for 2 day (brute force protection), still nothing. Tried with and without, differents apps password. Clearly i’m doing something wrong, but don’t know what.

Big help if you can point me in the right direction.

Thanks you for the time, love disroot

IMAP does not support Two Factor Authentication. In fact both nextcloud and IMAP are seperated services.

This means in order to use IMAP (k9, thunderbird, geary, nylas, outlook etc) you need to use your disroot user credentials and not app passwords generated in nextcloud. This does not mean you need to switch off two factor authentication, those systems are independent of eachother.

Additionally, we run anti-brute force service in the background to prevent brute force attempts via IMAP protocol (user IPs are temporary blocked after putting the password wrong too many times). Currently notification of such event are sent only to our support account which we later manually forward to users when the IP banning by anti-brutte force service happens frequently on single user.
In the near future users will be informed of such even automatically upon each temporary IP blockade.


Wow! this was quick. So, is possible to have imap and 2 factor authentication, great news. That is what really needed, is insane how just i assume the 2 work together and don’t tried with the passwd.

Thank you for your time and the quick response.

Glad we could help.

We get a lot of questions on support email and every week few people being blocked so we should make sure this information is more “in your face” to avoid confusion.

Thanks again