Closed Bug 231261 Opened 18 years ago Closed 12 years ago
RFE: Lockout with Master Password Authentication
Email is typically considered a very private thing. Mozilla/Thunderbird has a password manager that can require a password to retrieve mail and digitally sign. But even if you don't enter that password, you can still use the app and browse what's downloaded, or in the sent folder.

A better behavior to keep curious eyes out is the option to require the master password for the password manager on startup. If correct, then no passwords are required to do anything when logged in (provided Mozilla/Thunderbird knows them). On fail, close the app.

IIRC Netscape 4.x had this functionality, if you used a PKCS#11 module to secure it.

Granted, the data files are still in the profile folder, and insecure (there is a bug to encrypt them, I believe).

The advantage of doing this is:
- One password on load, and it's a fluent app, no need to enter a password to receive, send, sign/encrypt. 1 password.
- Better security against curious eyes.
- Combined with Bug 184947, it would provide a much enhanced security model for Thunderbird in particular.

For example, my ThinkPad has one of those embedded security chips. I could easily attach a fingerprint auth device such as (http://www.targus.com/us/product_details.asp?sku=PA460U), hook that up to IBM's embedded security software, and use that PKCS#11 module in Thunderbird. I would then require a fingerprint to get into mail, rather than use a password. More secure, and much simpler, and flexible.
Would be very useful if multiple people are using Thunderbird on the same PC, and still want their private profile.
Could be related to Bug 16489
Fixed, I think, with bug 239131 in TB3 (but the app is not closed on a failed pwd).
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 239131