Why is there no option to Lock Thunderbird with a PIN or PW? This seems like security flaw exposing your email to multiple accounts with no way to secure TB 102 unless I'm mission something. Can you let me know if I am missing something?
Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.
I would definitely advocate total password protection when Thunderbird starts. I used to use the "Master password" add-on, which no longer works with the new versions ...
@youngerjry I support your idea!
In addition to that, the content of Thunderbird should be encrypted when not in use.
The password protection should be optionally activated when a screensaver is started or energy-saving is executed.
Protection with master password
I can protect all passwords for my mailaccounts with a primary password, but I cannot protect Thunderbird and all mails it stores or caches with a master password.
This way, anyone that can start Thunderbird can still read all cached (imap) and stored (pop3) emails.
It could even be that Thunderbirds locally stored databases, caches and files are not protected or encrypted at all and readable if you gain access to the computer or maybe only its harddisc. Is that right ?
I would like to request a master password as feature. All access to Thunderbird should be denied without the right password, when set and all locally stored files and databases should be encrypted with this password.
Maybe there should be a way to recover all mails and gain access again when this master password has been lost (like you can use a PIN2 when you lost the PIN to your smartphone).
(Note: a similar idea has been merged into this thread)
It only makes sense to me that a password should be in place for security reasons. Or atleast the option for one. Senstive emails require protection and when we login to any web based email system they log you out and you are asked for a password again. I'm not sure why that Mozilla who is security concious has over looked the simple idea of allowing their users the ability to put a password in place should they desire to tighten email security another step.
If someone were to hack the machine and lets say the machine is locked from outside access from the keyboard, however someone gets access to the machine through the network then they can get access to THunderbird and get access to potientially sensitive information. It is not far fetched to have corporate espionage and state hackers try to get into companies these days. That use to be considered conspiracy but has proven to be true again and again especially since snowdens revelations brought a lot of this information to light.
Yes, please correct the master password feature to function properly. It should not be possible to access already downloaded emails to inbox when you click on Cancel button in password prompt.