This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Securing Thunderbird

  • 5 replies
  • 1 has this problem
  • 18 views
  • Last reply by Wayne Mery

more options

Has there been any thought in adding more security into accessing Thunderbird. Granted "standard email" is not that secure. However you still do need proper credentials to access the web interface of servers and it is generally stored encrypted (of varying degrees) on their system. There does not seem to be parallel to it on the local side with Thunderbird, at least without installing encrypted partitions etc.

Would it be possible for Thunderbird to use an encrypted profile (database) to store the email and then require a "master password" to open Thunderbird and access that mail?

Has there been any thought in adding more security into accessing Thunderbird. Granted "standard email" is not that secure. However you still do need proper credentials to access the web interface of servers and it is generally stored encrypted (of varying degrees) on their system. There does not seem to be parallel to it on the local side with Thunderbird, at least without installing encrypted partitions etc. Would it be possible for Thunderbird to use an encrypted profile (database) to store the email and then require a "master password" to open Thunderbird and access that mail?

All Replies (5)

more options

re :require a "master password" to open Thunderbird

All 'User Accounts' created on any computer can apply passwords just to access the desktop. So if you do not have password then you do not even get to see the desktop, so cannot start up Thunderbird for that user. Basically you cannot see any document stored in the User Account. This is the most basic security offered by all computers and should be used if security is important at any level.

Thunderbird can be installed on computer and allowed to run in the various 'User Accounts'. Each user can logon to their User Account to see their desktop and run Thunderbird. Profile data is stored within the User Account.

When away from computer, you simply log off User Account to maintain privacy.

In Thunderbird itself, a 'Master Password' can be used, but it does not prevent viewing of emails, it is designed to prevent access to stored passwords. See info:

Email encryption is something entirely different.

Modified by Toad-Hall

more options

Thanks for the reply but not quite what I was thinking... Thunderbird's master password just protects passwords saved in Thunderbird for actually logging in to those email servers. I know you can encrypt email with PGP (Enigmail for example)

I know you can restrict access to your Windows user account via a password or PIN but what I was thinking was actually more confined to Thunderbird directly. Anyone with access to your profile directory can view any of your email in the associated msf files with notepad. That is why I was pondering that instead of all those msf being stored in plaintext, could they be stored encrypted instead.

I know that would obviously require some major reworking and not sure what kind of performance penalty it would cause but just wondering how possible it might be.

more options

You will want to your disk. It is the only proper way to secure data that is on your system disk.

more options

I understand one way is to use disk encryption such as Bitlocker or Veracrypt. I was thinking of (maybe due to extra time on my hands ;) ) that there was another way. Our email programs are essentially a database program, evidenced by it prompting for compaction after removing x number of messages (records). Granted Thunderbird's database structure is not as "compact" Outlook with a single PST file, it still is basically a database. As there are several programs that store data in an encrypted container that require a password to open, any of the password managers do this, it should be technically possible to do with Thunderbird. I was just curious how difficult that would be (and at what cost i.e., performance)

more options

If you value what's in Thunderbird, then you should also value everything else on your computer. In any event, whole disk encryption is the only wholistic solution to protecting the Thunderbird data on your computer. It's also not worth cheaping out by attempting piecemeal solutions.