본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Securing Thunderbird

  • 5 답장
  • 1 이 문제를 만남
  • 1 보기
  • 최종 답변자: Wayne Mery

more options

Has there been any thought in adding more security into accessing Thunderbird. Granted "standard email" is not that secure. However you still do need proper credentials to access the web interface of servers and it is generally stored encrypted (of varying degrees) on their system. There does not seem to be parallel to it on the local side with Thunderbird, at least without installing encrypted partitions etc.

Would it be possible for Thunderbird to use an encrypted profile (database) to store the email and then require a "master password" to open Thunderbird and access that mail?

Has there been any thought in adding more security into accessing Thunderbird. Granted "standard email" is not that secure. However you still do need proper credentials to access the web interface of servers and it is generally stored encrypted (of varying degrees) on their system. There does not seem to be parallel to it on the local side with Thunderbird, at least without installing encrypted partitions etc. Would it be possible for Thunderbird to use an encrypted profile (database) to store the email and then require a "master password" to open Thunderbird and access that mail?

모든 댓글 (5)

more options

re :require a "master password" to open Thunderbird

All 'User Accounts' created on any computer can apply passwords just to access the desktop. So if you do not have password then you do not even get to see the desktop, so cannot start up Thunderbird for that user. Basically you cannot see any document stored in the User Account. This is the most basic security offered by all computers and should be used if security is important at any level.

Thunderbird can be installed on computer and allowed to run in the various 'User Accounts'. Each user can logon to their User Account to see their desktop and run Thunderbird. Profile data is stored within the User Account.

When away from computer, you simply log off User Account to maintain privacy.

In Thunderbird itself, a 'Master Password' can be used, but it does not prevent viewing of emails, it is designed to prevent access to stored passwords. See info:

Email encryption is something entirely different.

글쓴이 Toad-Hall 수정일시

more options

Thanks for the reply but not quite what I was thinking... Thunderbird's master password just protects passwords saved in Thunderbird for actually logging in to those email servers. I know you can encrypt email with PGP (Enigmail for example)

I know you can restrict access to your Windows user account via a password or PIN but what I was thinking was actually more confined to Thunderbird directly. Anyone with access to your profile directory can view any of your email in the associated msf files with notepad. That is why I was pondering that instead of all those msf being stored in plaintext, could they be stored encrypted instead.

I know that would obviously require some major reworking and not sure what kind of performance penalty it would cause but just wondering how possible it might be.

more options

You will want to your disk. It is the only proper way to secure data that is on your system disk.

more options

I understand one way is to use disk encryption such as Bitlocker or Veracrypt. I was thinking of (maybe due to extra time on my hands ;) ) that there was another way. Our email programs are essentially a database program, evidenced by it prompting for compaction after removing x number of messages (records). Granted Thunderbird's database structure is not as "compact" Outlook with a single PST file, it still is basically a database. As there are several programs that store data in an encrypted container that require a password to open, any of the password managers do this, it should be technically possible to do with Thunderbird. I was just curious how difficult that would be (and at what cost i.e., performance)

more options

If you value what's in Thunderbird, then you should also value everything else on your computer. In any event, whole disk encryption is the only wholistic solution to protecting the Thunderbird data on your computer. It's also not worth cheaping out by attempting piecemeal solutions.