linuxmagic
Strollin' around
Status: New idea

Thunderbird already has the support for ClientID, a Transparent 2FA mechanism, but it currently requires enabling this feature using the Config Editor... manually.

This feature request is for having Thunderbird/K9-Mail automatically prompt the user to use CID (ClientID) two factor authentication when the mail server advertises support for CLIENTID. And if the user selects "Yes" to enabling ClientID support for the email account, the relevant "clientidEnabled" entries (in Config Editor) are set to "true" automatically.

Now that more and more email platforms are supporting CLIENTID, the sooner end users or customers can be protected with a Transparent 2FA the better. Especially for those operators who are not able or interested in implementing a form of OAuth. Two Factor authentication/identification is best used when it is as transparent to the end user as possible. And if they are using an email account at a provider that offers it, this trust factor helps both parties.

P.S. It would also be great if K-9 Mail also had ClientID support!


4 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

天王寺屋
Strollin' around

The data Google collects will be anonymized, so it is not safe.... There is data that falls under the category of personal information ('Unique Identifier' or 'Persistent Identifier') as defined in the CCPA. One of them is the Client ID.
https://www.cookiebot.com/en/google-analytics-ccpa/

Client ID is a unique ID stored in a cookie and used by Google to identify individual users.
Google uses authentication methods to collect and profile "unique personal information" and must take these big tech speculations into account.
At the very least, the end user should be guaranteed the right (opt-in option) to choose the means of authentication.

linuxmagic
Strollin' around

Thank you for the comment, 天王寺屋.

The "ClientID" mentioned in this post is different from and has nothing to do with the "Client ID" you have referenced from Google's site. Yes... I know... with such a similar/practically the same name, it can be confusing and cause misunderstanding.

If interested, please see my further explanation on the ClientID support for mailbox access below:

The ClientID mentioned in my Ideas post is a generated unique text identifier for each mail account in Thunderbird. Its function is this: should the end-user decide to enable it (default is off) to further enhance their mailbox access security, the unique string is sent to the supported mail server as an additional authentication verification step (i.e. in addition to the standard login/authentication mechanism used), which is based on the RFC standards proposal draft:
https://www.ietf.org/archive/id/draft-yu-imap-client-id-09.txt

Essentially, with ClientID enabled on an email account, the end-user can decide which email client's ClientIDs are allowed to access their mailbox with the correct password. That in turn will prevent unauthorized access to the mailbox from foreign unapproved "devices" even with the correct password.

I hope this clarifies any confusion or doubts.

Thanks!


天王寺屋
Strollin' around

@linuxmagic,

Thanks for your reply too.
I understand your explanation.
I agree with your idea!