TB3 vs. TB2 master password dialog box
jan sochor
any other window opened...
in TB3 when the dialog box asking for the password appears the main
window of TB is already opened and i can see all the mail accounts and
structure of the mailboxes...
...has been this change in behavior made by purpos?...does anyone else
has also the feeling it is sort of security downgrade as i do?
...sorry for my english and thanks for any reaction to my question...
Thomas Harold
> in TB2 when the program launched it asked for the master password before
> any other window opened...
> in TB3 when the dialog box asking for the password appears the main
> window of TB is already opened and i can see all the mail accounts and
> structure of the mailboxes...
>
> ...has been this change in behavior made by purpos?...does anyone else
> has also the feeling it is sort of security downgrade as i do?
>
There's nothing there that couldn't also be pulled straight out of your
profile directory. Each mail account and folder structure is readily
apparent due to the file/folder structure inside the profile. If you
are truly paranoid about someone reading your email, or seeing your
folder structure, then you'd need to keep the profile in an encrypted
volume. Mount the volume only when you're using your email client and
close it afterwards.
Or if you're only concerned about message content - then you need to be
sending your messages as encrypted (usually with GPG via EnigMail).
Otherwise your messages are already traveling across the network in
plain-text where they can be sniffed/displayed by anyone along the route.
The only thing that the master password is supposed to secure is your
POP3 / IMAP / SMTP server passwords. It asks for the master password so
that it can encrypt/decrypt those stored passwords.
(And for the record, TB2 would also display the main window before
prompting. Depending on whether you had accounts set to check
immediately for new mail or not combined with how slow/fast Windows is
at loading the application.)
Ron Hunter
I have never used a master password as my system is physically secure.
However, I was under the impression that unless you did something that
required sending a password to another site, such as opening email, or a
secure news server, the password wouldn't be requested. TB3 has a
somewhat different structure, and it may be that it displays information
before it tries to open the email server link, so the password isn't
needed at that time, or that it multi-threads, and the display thread
completes before the server is opened. Either way, I suspect that you
won't be able to change this action.
--
Ron Hunter - rphu...@charter.net
Dave Royal
> The only thing that the master password is supposed to secure is your
> POP3 / IMAP / SMTP server passwords. It asks for the master password so
> that it can encrypt/decrypt those stored passwords.
In TB3 the master password also secures your S/MIME certificates -
which is a change from TB2:
https://bugzilla.mozilla.org/show_bug.cgi?id=534444
(But that is not related to the OP's question.)
Dave
--
(Remove any numerics from my email address.)
jan sochor
thanks for the answer...now i understand the purpose of the master
password better...
jan
Andrew Katz
I would also like TB3 to ask for my master password when it first
starts, like TB2 did. It is what I want to get - my email - when I
start TB. So why go through the steps of having to ask for it.