Closed Bug 1606711 Opened 4 years ago Closed 3 years ago

If checking new mail at startup and after a time interval, a second primary/master password prompt appears when the startup prompt isn't answered

Categories

(Thunderbird :: Security, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: jorgk-bmo, Unassigned)

References

Details

If checking new mail at startup and after a time interval, a second master password prompt appears when the startup prompt isn't answered.

This is from bug 584014 comment #88.

I reproduced this on a profile with 9 IMAP accounts, but apparently it fails with less.

In my case I got at least 5 dialogs before I got back to my computer, with only 3 IMAP accounts, but I think I have them set to check every minute.

Same result: about 5/10 prompts if I wait 1 hour before going to my computer. I'm using 5 IMAP accounts.

Thanks for the feedback. Magnus, can we assign a resource to this or do you want to put it into the "don't use a master password"(*) bucket?

(*) Because it's currently not safe, see bug 1562687, bug 973759, and you should encrypt your hard drive instead.

EDIT: Actually, reading bug 1562687 comment #3 and below, the MP has become a whole lot safer, so I don't think we would still advise against using it.

Flags: needinfo?(mkmelin+mozilla)

Well there's an easy workaround: just answer the first prompt ;)

Flags: needinfo?(mkmelin+mozilla)

Personally I don't think it's funny since there is large user concern over these multiple prompts. There is ongoing discussion about those multiple prompts in bug 1605745, bug 177175, bug 584014, bug 1512083, just to name a few. So IMHO it would be a good idea to allocate some resource to finally fix this long-standing issue.

See Also: → 1605745, 177175, 584014, 1512083

Bugs are usually not funny. IMHO it's still hard to see how it would be a very important issue, or one affecting large masses - compared to many other competing priorities: it's a rather special case in a non-default setup, which a normal workflow (answer the prompt, don't cancel it) would "work around".

I merely questioned whether we want to assign a resource to the never ending string of complaints about multiple MP prompts. Answering "just answer the prompt" is not helpful, IMHO. Bug 1176399 and bug 682474 were in fact deemed important, you may even remember that the first fix attempt of bug 1176399 caused a serious regression of a re-download of gigabytes of Gmail messages. So in those days, yes, there was a (voluntary) resource available.

Maybe Kai can get bug 177175 fixed, bug 177175 comment #384 (!!) sounds promising. After that, we should see whether further mitigation is necessary.

For this bug here I imagined something like a semaphore to handle all MP requests, so if one is already ongoing, all subsequent ones would join the club. However, that seems to be the idea in bug 177175 comment #384, so hopefully the mitigation in Mozilla Core is already sufficient.

Those were fixed because they, contrary to this one, were seriously annoying large masses and there was no easy workaound.

I'm not saying we shouldn't fix things where we can do so with reasonable effort, but like you can see from Kai's comment, actually fixing it good is likely a massive undertaking probably involving deeper refactoring in nss + tb specific code across all protocols, none of which is going to be easy. Please remember that Thunderbird is a mail application: that's our focus. MP is simply something the platform offers, to the extent it offers much above what the OS offers. In short, probably not worth it considering competing priorities.

Product planning should allow fixing annoying bugs at some stage, even if they affect less people or are hard to fix. There are some problem areas that have existed for decades which should be identified and included in planning, like we're doing for maildir, for example(*). If you applied the priority argument to real life, you'd never hand in your tax return or never wash the dishes. Well, some people do, but they get into trouble. I know you're not a great friend of MP, but it was recently made more secure and people chose it to protect access to their mail, which for many services is at central to access control.

(*) I'd claim that most users don't care about how their e-mails is stored as long as it works and a defective maildir is not made the default. So personally I don't see any benefit in having maildir working. Like for my Mozilla folder I'd have 160.00 files that the OS would have to manage, hmm. So in the end, it's all a matter of taste and opinion and we need to give everyone the chance to get their stuff fixed one day.

See Also: → 1524247

I have seven IMAP accounts, none of which check mail on startup and still have the problem with multiple master-password dialogs.
I don't think this behaviour is related to any specific setting, it's a general problem.

The bug with multiple master-password dialogs opening on startup is 18 years old!!!
See -> bug 177175

Problem/Issue: Well, My problem is similar and it appears somewhere after the release of version 68. Today I run 68.5.0-64 bit (from release channel). I can confirm that it require one MP for each of my 4 configured IMAP accounts (no request for the 5 POP ones): at session start, I don't have to wait for the MP prompts, but they are required only once per session. My configs check for new mail at startup.
Environment: As add-ons I have Lightning (for Google calendar sync) and Google Calendar Provider (you guess it). If it matters (and I doubt it) it's a Brazilian "version".
Does it be any solution/workaround for this annoying behavior?

Simon, Edson, version 68 will soon not be supported.

Version 78 on the other hand has a couple password fixes which may help. It would be useful for us to know your experience with version 78.3.0 which will be out later this week.

Flags: needinfo?(sicro)
Flags: needinfo?(egschubert)
Summary: If checking new mail at startup and after a time interval, a second master password prompt appears when the startup prompt isn't answered → If checking new mail at startup and after a time interval, a second primary/master password prompt appears when the startup prompt isn't answered

Likely the recent fixes didn't help.

When I upgraded TB to 78 it took a while for it to restart so I left for lunch. When I got back, it had two pwd prompts up. I have three mail accounts configured and all of them are set to check messages at start-up. All three are IMAP, two connected to Google and one to Microsoft/Office 365. Cannot say why I got two prompts rather than a single one or three (one per account). Maybe one prompt per remote server? Since two accounts have the same server for incoming, that could make sense.

(In reply to Wayne Mery (:wsmwk) from comment #12)

Simon, Edson, version 68 will soon not be supported.

Version 78 on the other hand has a couple password fixes which may help. It would be useful for us to know your experience with version 78.3.0 which will be out later this week.

Yes, Version 78 seems to behave much better in regards to multiple password windows popping up at startup.
In fact I cannot recall having had this problem since updating to v 78.
So far, so good!

Flags: needinfo?(sicro)

(In reply to Wayne Mery (:wsmwk) from comment #12)

Simon, Edson, version 68 will soon not be supported.

Version 78 on the other hand has a couple password fixes which may help. It would be useful for us to know your experience with version 78.3.0 which will be out later this week.

Hi, Wayne... Thanks for the follow-up.
As Simon, I'm on version 78.6.0 and the problem seems not to be present.
As the one who jumped from the 50th floor said passing down the 30th floor: So far, so good... ;)

Flags: needinfo?(egschubert)

Thanks for the updates

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.