RFE: Lockout with Master Password Authentication

RESOLVED DUPLICATE of bug 239131

Status

defect
16 years ago
10 years ago

People

(Reporter: raccettura, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
Email is typically considered a very private thing.

Mozilla/Thunderbird has a password manager that can require a password to
retrieve mail and digitally sign.  But even if you don't enter that password,
you can still use the app and browse what's downloaded, or in the sent folder.

A better behavior to keep curious eyes out is the option to require the master
password for the password manager on startup.  If correct, then no passwords
are required to do anything when logged in (provided Mozilla/Thunderbird knows
them).  On fail, close the app.

IIRC Netscape 4.x had this functionality, if you used a PKCS#11 module to secure it.

Granted, the data files are still in the profile folder, and insecure (there is
a bug to encrypt them I believe). 


The advantage of doing this is:
-  One password on load, and it's a fluent app, no need to enter a password to
receive, send, sign/encrypt.  1 password.
-  Better security against curious eyes.
-  Combined with Bug 184947, it would provide a much enhanced security model for
Thunderbird in particular.  


For example, my ThinkPad has one of those embedded security chips.  I could
easily attach a fingerprint auth device such as
(http://www.targus.com/us/product_details.asp?sku=PA460U), hook that up to
IBM's embedded security software, and use that PKCS#11 module in Thunderbird.
I would then require a fingerprint to get into mail, rather than use a password.

More secure, and much simpler, and flexible.

Comment 1

15 years ago
Would be very useful if multiple people are using Thunderbird on the same PC
and still want their private profile.

Comment 2

15 years ago
Could be related to Bug 16489
QA Contact: front-end
Assignee: mscott → nobody
Fixed, I think, with bug 239131 in TB3 (but the app is not closed on failed pwd).
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 239131