cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
crazybyte
Making moves
Status: New idea

Every time I open Thunderbird I have to input my master password. In order to do that I need to unlock the local keyring (KeePassXC in my case) and copy/paste the password.

KPXC like many other keyrings implement the FdoSSP (Gnome keyring and KWallet do the same). In this case the master key could be automatically retrieved by Thunderbird when started by querying the database via DBus.

Can you implement it? In case an OS doesn't support the SSP like Windows or any Linux distro where the service is not exposed, then Thunderbird could simply ask the password with the usual prompt. In this case there won't be any breakage for those users.

If the OS provides such a service, the password prompt could add an opt-in check-box which says "Do you want to store the master password in your keyring?". If checked, then the password is store there and future Thunderbird instances can automatically retrieved it.

6 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

JohnWayne289
New member

Please don't enforce this. This makes it impossible to migrate profiles between OSes and requires users to care about DPAPI (or the corresponding alternative) for Backups. In the end a compromised computer is not protected any better than with the current master password (keyloggers, RAM dump etc.).

crazybyte
Making moves

I agree. As I wrote in my last two sentences, that's should be an opt-in feature:


@crazybyte wrote:

In case an OS doesn't support the SSP like Windows or any Linux distro where the service is not exposed, then Thunderbird could simply ask the password with the usual prompt. In this case there won't be any breakage for those users.

If the OS provides such a service, the password prompt could add an opt-in check-box which says "Do you want to store the master password in your keyring?". If checked, then the password is store there and future Thunderbird instances can automatically retrieved it.

aitorpazos
New member

+1 here, I am in the same situation as @crazybyte . I would add that if this is implemented, please make sure proper feedback is provided that the browser is waiting for the secret service to be available/unblocked. I wouldn't like it to fail silently and keep asking for the password or similar obscure fail behavior.

Adding PAM support may also help solving this.

qlum
Strollin' around

I am personally very much in favor of having this, even having it as a default when possible.
Yes, you cannot easily back-up / restore the passwords, however the security benefits are pretty big.
If you don't use a master password, your passwords will essentially be stored in plain text. On Windows there has been malware that harvests these passwords and using something like Secret Service would prevent that.

Backing up the e-mail passwords would be a minor part of the configuration anyway.

Thomas_DC
Making moves

What's the need of SSP ?

I think that the OS password manager is fine, on any OS, and no matter if it does not use SSP.

So I think that Don't save passwords as plain text but rather integrate with OS storage system is better.

Eventually, SSP could came as an option, over the OS password manager, if you think that is better.