Closed
Bug 231261
Opened 21 years ago
Closed 16 years ago
RFE: Lockout with Master Password Authentication
Categories
(Thunderbird :: Mail Window Front End, defect)
Thunderbird
Mail Window Front End
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 239131
People
(Reporter: raccettura, Unassigned)
Details
Email is typically considered a very private thing.
Mozilla/Thunderbird has a password manager, that can require a password to
retrieve mail, and digitally sign. But even if you don't enter that password,
you can still use the app and browse what's downloaded, or in the sent folder.
A better behavior to keep curious eyes out, is the option to require the master
password for the password manager on startup. If correct, then no passwords
required to do anything when logged in (provided Mozilla/Thunderbird knows
them). On fail. Close the App.
IIRC Netscape 4.x had this functionality. If you used PKCS#11 module to secure it.
Granted, the data files are still in the profile folder, and insecure (there is
a bug to encrypt them I believe).
The advantage of doing this is:
- One password on load, and it's a fluent app, no need to enter password to
recieve, send, sign/encrypt. 1 password.
- Better security against curious eyes.
- Combined with Bug 184947, it would provide a much enhanced security model for
Thunderbird in particular.
For example, my thinkpad has one of those embedded security chips. I could
easily attach a fingerprint auth device such as
(http://www.targus.com/us/product_details.asp?sku=PA460U), and hook that up to
IBM's embedded security software. And sue that PKCS#11 module in Thunderbird.
I would then require a fingerprint to get into mail. Rather than use a password.
More secure, and much simpler, and flexible.
Comment 1•21 years ago
|
||
Would be very usefull if mutliple people are using thunderbird on the same pc,
and still want their private profile.
Updated•18 years ago
|
QA Contact: front-end
Updated•16 years ago
|
Assignee: mscott → nobody
Comment 3•16 years ago
|
||
fixed I think with bug 239131 in TB3. (but app is not closed on failed pwd)
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•