cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GwydionBowydd
New member
Status: Trending idea

My copy of Thunderbird is protected by a Master password, which ensures that you enter your password before Thunderbird launches.   However if you "CANCEL" at that point and do not enter your password Thunderbird STILL launches and existing e-mails can still be read.  If you try and send an e-mail the password will be required, but existing e-mails can still be read without entering the password.  This seems bizarre.
It would be better if Thunderbird doesn't launch at all if you press "CANCEL" at the password stage.  Thank you

16 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Rootman
New member

Sometimes I've started Thunderbird inadvertently, I do not enter the master password I have set and choose CANCEL on the password dialog.  Thunderbird still opens and each of the  many accounts I have setup prompts for a password.  There should be an option that Thunderbird CLSOES immediately when CANCEL is selected on the master password dialog.  With a toggleable option you have the choice of closing TB or continuing on with it's present behavior,  would still allow those who perhaps want to open ONE (or a few) accounts manually by prompting for a password. Those that simply want to close it all when cancel is selected can choose it too. 

Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Ripples
Strollin' around

That default behavior is crazy! You get my vote! Surely your simple, yet great idea would be easy to implement?

I posted a semi-related idea for Thunderbird security and privacy here as well:

Password Protected Local Folders

Oclair
Making moves

Thunderbird 102.12.0 (64-bit) MACOS Primary Password feature ignores cancel and re-prompts stealing UI focus.

Some questions relating to working as intended

Is there yet a consensus what to do when cancel is selected?

Why are multiple instances of the primary password request sent to the UI if the first one is not yet responded to?

Is giving the impression that this feature is not tested internally really a good idea for establishing the feature is secure and for example there are again no backdoors present bypassing the security feature?

Have a great day, and thank you for contributing to the Open Source software community!

wsmwk
Thunderbird Team
Thunderbird Team

> Have a great day, and thank you for contributing to the Open Source software community!

You are welcome. Thank you for contributing.

> Is giving the impression that this feature is not tested internally really a good idea for establishing the feature is secure and for example there are again no backdoors present bypassing the security feature?

Is just a known bug which hasn't been gotten to. There is no security exposure.

WrongIsland
New member

using 118.0b1, clicking Cancel 3 times makes the dialog go away but the program window opens giving full read and write access!

 

please advise, and thanks

Loneck
Strollin' around

I agree with the OP when Cancel option is selected for master password it should not open the application for anyone to view the mailbox. What is the point of master password when it lets you in to the application? I thought this is supposed to be security feature.

Loneck
Strollin' around

Agreed with OP, I have no idea who designed it this way. As it is now, master password is basically useless feature. Mozilla devs please correct this issue.

Dgener
New member

Agree. It would be nice to not be able to open “stay logged in” websites not just passwords or remembered sites will need a master password. The other cached pages can auto delete when closing the page. 

Status changed to: New idea
wsmwk
Thunderbird Team
Thunderbird Team

Thank you for the votes.  Moving the votes to https://connect.mozilla.org/t5/ideas/master-password/idi-p/25967 which describes the same idea.

wsmwk
Thunderbird Team
Thunderbird Team

https://connect.mozilla.org/t5/ideas/master-password/idi-p/25967 describes the same idea, so we are merging this idea into there, where you can vote.

Status changed to: Trending idea
wsmwk
Thunderbird Team
Thunderbird Team
 
Ernie32-FR
New member

I totally agree on the misleading part of having a password that does not block totall access to the program. Especially because this is the general idea behind it everywhere, a user should be at least warned that this is a different kind of password protection. Use of another word (admin-pwd or whatever) and the warning that cancelling will still show your emails, because that was my assumption too for years untill I accidentally canceled. Which made me feel stupid, to say the least, thinking all this time my emails were safe from unwanted eyes...

GoVeg
New member

Some thoughts can be also found here, in one of the many bug reports raised describing the same issue in bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=1872542