Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

On primary password window, when click Cancel, close window AND prevent Thunderbird from opening

  • 4 replies
  • 0 have this problem
  • 1 view
  • Last reply by jimform2k1

more options

Hello,

When the primary password window opens and I click Cancel, can that window close AND can it prevent Thunderbird from opening?

Example: what if I bring my pc to a repair shop and they open thunderbird and click Cancel on the primary password window. They can See my previously viewed email. I do not want them to see those. Clicking Cancel AND closing Thunderbird would prevent them from seeing emails.

Could this be a future enhancement?

Thanks

Jim

Hello, When the primary password window opens and I click Cancel, can that window close AND can it prevent Thunderbird from opening? Example: what if I bring my pc to a repair shop and they open thunderbird and click Cancel on the primary password window. They can See my previously viewed email. I do not want them to see those. Clicking Cancel AND closing Thunderbird would prevent them from seeing emails. Could this be a future enhancement? Thanks Jim

All Replies (4)

more options

This is a known shortfall of that feature, and the bug report to fix it has been in discussion for years. Like you, I would like to see this fixed, but there is no known (to me) anticipated fix date.

Helpful?

more options

Interesting. How can 'we' escalate?

Helpful?

more options

jimform2k1 said

Interesting. How can 'we' escalate?

You can not really.

Unlike David I think the whole idea is not required. Many suggest they need it. Mostly, I think, failing to understand that security through obscurity is no security at all and this sort of password is just that, no security at all.

The data in your Thunderbird profile is stored in plain text. So having a password or not does not in any way limit the access to your data/emails to someone savy enough to look at your hard disk (like the repair technician in your scenario) The primary password is designed and has always been designed to protect your passwords and it does that.

If you want to protect your data, there are operating system user accounts and disk encryption that will be available to secure your data in a far more secure method that this feeble password ever could however there are plenty of folk that think they need a password for varying reasons.

Here are some others that think as you do that have made suggestions in the ideas forum that is linked to from the Thunderbird help menu. https://connect.mozilla.org/t5/ideas/master-password-for-thunderbird/idi-p/10775 https://connect.mozilla.org/t5/ideas/primary-password-was-master-password-to-block-access-to/idi-p/25967 https://connect.mozilla.org/t5/discussions/when-the-password-isn-t-entered-dont-t-let-the-program-start-run/m-p/21214

To the best of my knowledge this was first put up as a bug some 25 years ago. as Bug 16489 y Ninteen years ago Bug 318697 was opened for essentially the same thing. It was fairly promptly closed as invalid as the then master password was for password protection and extending it's function to include the profile was not considered a valid request.

Then 5 years ago Bug 1566458 was opened and discussion commenced again. Fundamentally I do not think there is much will to ever implement the change that is requested.

I think the discussion there between David and myself may be what lead to the bug being restricted regarding comments. But I still maintain that it is not something to enter into lightly. Before any move into password protection there needs to be some serious decisions made. Will the data be encrypted when password protected or is this to be tinker toy security that has no purpose other than to shut up those that keep asking for it? If this is a data protection process, what happens when;

  1. An incorrect password is entered. Do we delete the profile / Do we delete after XX incorrect attempts?
  2. A password reset occurs, given the reset assumes you do not know the password not removing data leaves it open to those the password was meant to protect from?
  3. Do we leave the data there for eternity after multiple incorrect passwords,exposed to a brute force attack?

Helpful?

more options

If you click Cancel (on primary window), close/terminate Thunderbird. Do not allow Thunberbird to open for any reason if Cancel is clicked. Must be too easy to do.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.