Enable/Disable Show Passwords
April 15, 2024 Thunderbird is Insecure There is missing functionality issues
1. How to Disable the "SHOW PASSWORD" Button in Security Settings 2. Either implement with a Password Password option, only to show the Passwords or 3. Allow the ability to Disable the Button
back in 1916-18 the ability to disable the "SHOW PASSWORD" Button worked with with a variation of the following at that time user_pref("pref.privacy.disable_button.view_passwords", true); I believe I created and used chrome.css or chrome.js
At some point this functionality ceased to work.
Now, I have scoured the Net to figure out a Solution simply setting the value to True, gets reset by Thunderbird, TB does not save it. it always reverts back to False and the button remains available and does not disable
I have tried everything, adding it in user.js, settings.js, userChrome.js I put it in every directory, nothing seems to work
Do I have to Lock it? - How? confusing and disappointing.
Please provide a simple step by step Solution to the problem
Thank you
Όλες οι απαντήσεις (9)
The simple solution is to set a primary password. That prevents showing the password.
Primary Password is not the answer
TB prevents people from viewing the password security alright and it also prevents people from sending emails alright but it allows people to view emails - not all right
Whats the point of having a Primary Password, and Thunderbird allows people to view emails, simply pres escape multiple times and your in. and then it pesters you for the primary password all the time
Passwords are critical security points
I see 2 scenarios 1 Password protect all of TB - Primary Password 2 Password protect the Password section, or disable it.
I dont want anyone to see my passwords
Thank you, but I need a Solution for the Password Section, alone
The fix you want has been in review for almost five years. In bugzilla at
https://bugzilla.mozilla.org/show_bug.cgi?id=1566458 so, will they ever stop debating and implement a simple solution? We can only hope. Latest update on the bug indicates we may be getting closer to fixing this. I share your concerns and my opinion is already in the bug report.
Hi David,
I feel we are getting off subject. The Link provided discusses Primary passwords, not what I am looking for.
My Problem is the following: I need to disable the "SHOW PASSWORD" Button in the Security Section
I want to Secure (or Disable) that Button It reveals all of my passwords Anyone can gain access to it.
I am ok with Users to Send, receive and read messages, But I don't want them to view the (SMTP, IMAP) email passwords Currently, they can simply do this by pressing the "SHOW PASSWORD" button
I need a solution for this problem
In the past, I was able to disable this button by creating a "user.js" file with following Switch: user_pref("pref.privacy.disable_button.view_passwords", true);
This option does not work any longer. TB Resets it to False, all the time. and it does not perform the task required
Please advise Thank you
First, I think we're on same topic. I mentioned primary password because, although flawed, setting it does address the very issue that concerns you. I agree that it is 'half a loaf', but addresses the issue of not being able to see passwords. Second, as a courtesy, I filed a bug report at https://bugzilla.mozilla.org/show_bug.cgi?id=1891512 so it is at least on file. I haven't the slightest guess on whether this will be done soon or sit idle for years.
It reveals all of my passwords Anyone can gain access to it.
Lock your OS account when you're away from the computer, and nobody can access your Thunderbird profile.
Nice attempt Christ1
How about addressing the Bug, or Lack thereof, than to propose an alternative It just simply does not apply when you have a group of users in a small business.
The Users need to check, read, and send email, but they have no business poking around in the Settings area, and stumble on the password section, where it reveals all that they need to access their email from their homes, when the application should be secure enough to hold passwords private.
Most people are oblivious to the fact, the pass codes are available for all to see, however, it is just a matter of time, when they become privy to that info.
Thank you.
Hi David Thank you for your bug submission
to Reiterate
TB Does not Save any Update to prefs.js It reverts back to the default settings. the settings must be coming from a default file somewhere
can you tell me what is the name of the default file ? Adding the code to a separate user.js doesn't work either, like TB recommends, see below
Please advise thank you
The Following is from the prefs.js file // Mozilla User Preferences
// DO NOT EDIT THIS FILE. // // If you make changes to this file while the application is running, // the changes will be overwritten when the application exits. // // To change a preference value, you can either: // - modify it via the UI (e.g. via about:config in the browser); or // - set it within a user.js file in your profile.
To clarify: The prefs.js file is updated. If you make that config change, close TB and reopen, you will see the setting is as you set it. Then, if you click to show passwords, the setting is then reset. It is the request to show passwords that causes the reset. At this time, you have a partial solution. Not the one you want, but the only one that is available. That comment from prefs.js that you posted is only to those who might attempt to edit the file while TB is running.