By default, all new Yahoo! email accounts do not allow access via username and password over IMAP. All accounts created prior these updates have the “allow less secure” apps setting enabled (meaning it’s okay to connect via username/password). Users are able to view and modify their setting on the Account security screen:
Since the new setting was not retroactively applied to existing accounts, the vast majority of Yahoo! users are able to connect to applications. However, Yahoo! has sent follow up emails to some users warning them that the application does not “meet Yahoo’s recommended security standards”. The warning email also includes instructions how to modify the “allow less secure” setting:
Ultimately, the best solution to this issue is to use OAuth to connect to Yahoo over IMAP. If you do not have a Yahoo OAuth key, then we highly recommend you alert your Yahoo! users to the new setting to ensure it’s properly enabled.