Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

সহায়তা খুঁজুন

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

আরও জানুন

Login Password can be bypassed by cancelling 3 times

  • 5 উত্তরসমূহ
  • 5 এই সমস্যাটি আছে
  • 7 দেখুন
  • শেষ জবাব দ্বারা Robert5040

more options

If I cancel the password prompt 3 times, Thunderbird allows me access as though I had put in the correct login password.

Windows 10; Thunderbird 38.2.0

If I cancel the password prompt 3 times, Thunderbird allows me access as though I had put in the correct login password. Windows 10; Thunderbird 38.2.0

All Replies (5)

more options

Does it let you download new messages, or send messages?

Zenos দ্বারা পরিমিত

more options

Yes, I can send and download messages ... everything as though I had put in the password.

more options

Sorry, my apologies ... It doesn't allow me to send/receive messages, but I can view all the messages.

more options

Well, strange as it may seem, Thunderbird is working as designed.

For your convenience, it stores passwords so you don't have to key them in every time you open Thunderbird. It allows these stored passwords to be protected by a Master Password, so only someone who knows the Master Password will be allowed to use or see the stored passwords.

It wasn't designed to protect the contents of your messages; the assumption was that you'd get this type of security via the Operating System's user accounts. So if you leave your computer unattended, you'd perhaps want everything to be locked down via a password-protected screensaver.

More here: http://kb.mozillazine.org/Protecting_the_contents_of_the_profile_-_mail

Personally I use the Startup Master add-on: https://addons.mozilla.org/en-GB/thunderbird/addon/startupmaster/

It prevents the situation you report; if a good password isn't entered, it simply closes Thunderbird without the user having sight of any of your email folders. It is weak protection, since a savvy user might know to start Thunderbird in Safe Mode thereby disabling this add-on, or he might know how to browse to your mail stores and read them in a regular text editor. But it's effective in stopping most people from opening your Thunderbird. But of no help if you have opened it up yourself and have left it unattended - again, a system password should be used to keep unauthorised people away.

more options

Many thanks ... yes, this is very strange security indeed! I must say that the mechanism used by Outlook is infinitely better. After all, with Thunderbird's 'security' anyone who gets access to the computer can read the emails.

Effectively all this does really is to prevent the sending and receiving of messages ... which can be just as easily achieved by the OS user account security.

I will install your recommened add-on ... but I wonder if there is any possibility that this security loophole might one day be tightened up?