No password protection is enabled by default in the email client Mozilla Thunderbird. Anyone with access to the computer system is able to open Thunderbird, read the emails and look at contacts and other information stored in the software.
This lack of protection could be a problem if multiple users are using the computer or if other users have (theoretical) access to the PC which is often the case at work.
The following guide reviews two options on how to protect the Thunderbird email client to prevent unauthorized access to the data.
Password Protection Add-on
Thunderbird, just like Firefox, supports add-ons. Add-ons are small programs that increase or change the functionality of the email client.
Profile Password is a Thunderbird add-on that offers the means to password protect a Thunderbird profile. The extension adds a new entry to the Tools menu of the email client.
profile password
Thunderbird displays a password form on startup once a password has been set in the extension’s options.
This protection is generally considered to be weak, largely because of options to circumvent the protection. It is for instance possible to access the mails and other information directly in the Thunderbird profile directory.
It might provide enough protection in some situations but technical users will find a way around it eventually. This protection becomes stronger if IMAP accounts are used since the emails are by default not downloaded to the local computer system. Thunderbird 3 on the other hand makes use of email synchronization by default which downloads the messages to the local PC. This feature needs to be disabled in Account Settings –> Synchronization & Storage.
Using Encryption
Profile encryption is the only available option to protect a Thunderbird profile completely from access by third parties. The encryption software True Crypt is a popular choice as it is available for Windows, Linux and Mac.
See Create a secure data safe with True Crypt for pointers on how to create an encrypted partition or container on your computer.
It’s more complicated to setup but yields the highest possible protection. The basic concept is to create an encrypted container or partition on the computer before moving the Thunderbird profile folder there.
Existing profiles need to be moved to the new location and Thunderbird configured to use that new location for storage.
The encrypted storage container needs to be mounted before Thunderbird can access the profile. The user basically needs to enter the password to decrypt the storage. This has to be done at least once in every computing session in which Thunderbird is needed. At least once means that it depends on the user’s handling of the encrypted storage after Thunderbird has been used. Some users might prefer to unmount the encrypted container to protect Thunderbird efficiently while others might prefer to keep it mounted to be able to access emails in Thunderbird faster.
Related Articles:
Fix Slow Or Hanging Thunderbird Email ClientEmail Client Thunderbird 3.1 Alpha Released
Thunderbird 3.0.3 Email Client Out
How To Start Replies On Top Of Quotes In Thunderbird Email Client
Email Client Mozilla Thunderbird 2.0.0.23 Update
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
Great tips. I think the password add-on option is a good one. It should be enough to stop the casual snooper. Encryption is probably more than I need, but it is good to have that as an option as well.
Password protection works if the other users accessing the PC are not that tech-savvy and not that interested in snooping. It does not make lots of sense to install it on a one-user PC though, I think.
Isn’t there a way to start Thunderbird without add-ons (I’m thinking of something like Safe Mode)?
I don’t know why Thunderbird doesn’t put this in. It is so simple to do and TrulyMail has had it for quite a while. Just a simple password to ‘keep honest people honest.’
Larry yes, Safe Mode is an option. It is also possible to access the mails directly in the profile or delete the extension there.
mmm…as for me I prefer to use Protemac LoginTrap (protemac.com)
Hi,
I had read this article and came up with the idea
to protected the TB Profil with TrueCrypt. (automatically)
Thunderbird Portable – TC
http://svsload.com/wd/thunderbird-portable-tc-mit-profil-passwortschutz/
Is in German, but you can use any Thunderbird.
Copy to ..\App\Thunderbird
Create Thunderbird portable in your language (with thunderbird-setup.exe)
You can also use my “Portable-Thunderbird Maker” for this
http://svsload.com/wd/portable-thunderbird-maker/
Portable apps are great. There’s a TrulyMail Portable and a Thunderbird Portable (have used both and love them both) but I don’t know why Microsoft never built an Outlook Portable.
Securing with TrueCrypt is also a great idea (I do it). Portable and secure… what more could you want?
thank you so much for teaching us about the email client thunder.