This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Store and retrieve the master password from the local secret service provider

crazybyte
Making moves
‎04-11-2023 11:14 AM
Status: New idea

Every time I open Thunderbird I have to input my master password. In order to do that I need to unlock the local keyring (KeePassXC in my case) and copy/paste the password.

KPXC like many other keyrings implement the FdoSSP (Gnome keyring and KWallet do the same). In this case the master key could be automatically retrieved by Thunderbird when started by querying the database via DBus.

Can you implement it? In case an OS doesn't support the SSP like Windows or any Linux distro where the service is not exposed, then Thunderbird could simply ask the password with the usual prompt. In this case there won't be any breakage for those users.

If the OS provides such a service, the password prompt could add an opt-in check-box which says "Do you want to store the master password in your keyring?". If checked, then the password is store there and future Thunderbird instances can automatically retrieved it.

See more ideas labeled with:
Comment
6 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎04-11-2023 11:19 AM
‎04-11-2023 11:19 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

JohnWayne289
New member
‎04-14-2023 04:46 PM
‎04-14-2023 04:46 PM

Please don't enforce this. This makes it impossible to migrate profiles between OSes and requires users to care about DPAPI (or the corresponding alternative) for Backups. In the end a compromised computer is not protected any better than with the current master password (keyloggers, RAM dump etc.).

crazybyte
Making moves
‎04-15-2023 05:34 AM
‎04-15-2023 05:34 AM

I agree. As I wrote in my last two sentences, that's should be an opt-in feature:

@crazybyte wrote:

In case an OS doesn't support the SSP like Windows or any Linux distro where the service is not exposed, then Thunderbird could simply ask the password with the usual prompt. In this case there won't be any breakage for those users.

If the OS provides such a service, the password prompt could add an opt-in check-box which says "Do you want to store the master password in your keyring?". If checked, then the password is store there and future Thunderbird instances can automatically retrieved it.

aitorpazos
New member
‎05-09-2023 02:07 AM
‎05-09-2023 02:07 AM

+1 here, I am in the same situation as @crazybyte . I would add that if this is implemented, please make sure proper feedback is provided that the browser is waiting for the secret service to be available/unblocked. I wouldn't like it to fail silently and keep asking for the password or similar obscure fail behavior.

Adding PAM support may also help solving this.

qlum
Strollin' around
‎07-21-2023 07:36 AM
‎07-21-2023 07:36 AM

I am personally very much in favor of having this, even having it as a default when possible.
Yes, you cannot easily back-up / restore the passwords, however the security benefits are pretty big.
If you don't use a master password, your passwords will essentially be stored in plain text. On Windows there has been malware that harvests these passwords and using something like Secret Service would prevent that.

Backing up the e-mail passwords would be a minor part of the configuration anyway.

Thomas_DC
Making moves
‎02-24-2024 11:20 AM
‎02-24-2024 11:20 AM

What's the need of SSP ?

I think that the OS password manager is fine, on any OS, and no matter if it does not use SSP.

So I think that Don't save passwords as plain text but rather integrate with OS storage system is better.

Eventually, SSP could came as an option, over the OS password manager, if you think that is better.

Copyright © 2024 Khoros, LLC