As near as I can tell, this 'default' app password is not actually functional. Naively, I thought that would work with ThunderBird. When I setup MFA with O-365, it created an app password as part of the process. I was able to finally resolve the issue by basically turning it off and turning it back on. TL DR - Don't use the initial app password, create a new and unique app password for every app. You are correct, app password must be completely unique.