How To Password Protect The Email Client Thunderbird

Martin Brinkmann
Jun 28, 2010
Updated • Jun 26, 2017
Email, Thunderbird
|
15

Password protection is not enabled by default in the email client Mozilla Thunderbird. Anyone with access to the computer system may open Thunderbird, read the emails and look at contacts and other information stored in the software.

This lack of protection could be a problem if multiple users are using the computer or if other users have (theoretical) access to the PC which is often the case at work.

The following guide reviews two options on how to protect the Thunderbird email client to prevent unauthorized access to the data.

Password Protection Add-on

Thunderbird, just like Firefox, supports add-ons. Add-ons are small programs that increase or change the functionality of the email client.

Profile Password is a Thunderbird add-on that offers the means to password protect a Thunderbird profile. The extension adds a new entry to the Tools menu of the email client.

profile password
profile password

Thunderbird displays a password form on startup once a password has been set in the extension's options.

This protection is generally considered to be weak, largely because of options to circumvent the protection. It is for instance possible to access the mails and other information directly in the Thunderbird profile directory.

It might provide enough protection in some situations but technical users will find a way around it eventually. This protection becomes stronger if IMAP accounts are used since the emails are by default not downloaded to the local computer system. Thunderbird 3 on the other hand makes use of email synchronization by default which downloads the messages to the local PC. This feature needs to be disabled in Account Settings --> Synchronization & Storage.

Using Encryption

Profile encryption is the only available option to protect a Thunderbird profile completely from access by third parties. The encryption software True Crypt is a popular choice as it is available for Windows, Linux and Mac.

See Create a secure data safe with True Crypt for pointers on how to create an encrypted partition or container on your computer.

It's more complicated to setup but yields the highest possible protection. The basic concept is to create an encrypted container or partition on the computer before moving the Thunderbird profile folder there.

Existing profiles need to be moved to the new location and Thunderbird configured to use that new location for storage.

The encrypted storage container needs to be mounted before Thunderbird can access the profile. The user basically needs to enter the password to decrypt the storage. This has to be done at least once in every computing session in which Thunderbird is needed. At least once means that it depends on the user's handling of the encrypted storage after Thunderbird has been used. Some users might prefer to unmount the encrypted container to protect Thunderbird efficiently while others might prefer to keep it mounted to be able to access emails in Thunderbird faster.

Summary
software image
Author Rating
1star1star1star1stargray
1 based on 1 votes
Software Name
Profile Password
Software Category
Email
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Mo said on December 29, 2013 at 1:00 pm
    Reply

    Hey
    I hat it, that I’m able to see my already downloaded emails etc. in Thunderbird even without logging in with my password. All I need is jut X the insert password box.
    Is there a way to not only protect from downloading new messages by password but also protect from reading and modifying the account by password?
    thanks a lot

    1. Martin Brinkmann said on December 29, 2013 at 1:37 pm
      Reply

      Not from within Thunderbird, but you can encrypt your mailboxes, for instance by creating a TrueCrypt container, placing it inside, and making sure they are linked properly from Thunderbird (or the full Thunderbird profile).

      1. Mo said on December 29, 2013 at 2:28 pm
        Reply

        Ok Thanks thats a good version.
        For my purpose, i found that the add on startup master works as well.
        cheers

  2. Mauldi said on February 22, 2013 at 11:29 am
    Reply

    The best way is using addon in thunderbird.

    This addon is working they way we all wanted.
    https://addons.mozilla.org/en-US/thunderbird/addon/master-password/?src=search

    Hope it’s what you all need..

  3. Sony V said on August 30, 2012 at 2:12 pm
    Reply

    There is one thing that has been bothering me about Profile Password. How do I reset the password here in case I forget it? The only option that I am currently having is to start Thunderbird in safe-mode and uninstall the addon. If I try to install it again, I am prompted for the password. Doesn’t the previous password get deleted when I uninstall the addon? If not in which file is it getting saved? I have tried searching for it but have not been succesful. Any help provided would be much appreciated. Thanks.

  4. mb said on July 1, 2012 at 3:12 am
    Reply

    I’m sooo surprised that Thunderbird hasn’t implemented yet profile encryption … something that should have been done long ago. It reminds me the non-existent security in very early windows.

  5. [email protected] said on September 9, 2010 at 5:49 pm
    Reply

    thank you so much for teaching us about the email client thunder.

  6. Thunder-man said on July 7, 2010 at 9:37 pm
    Reply

    Hi,
    I had read this article and came up with the idea
    to protected the TB Profil with TrueCrypt. (automatically)

    Thunderbird Portable – TC
    http://svsload.com/wd/thunderbird-portable-tc-mit-profil-passwortschutz/

    Is in German, but you can use any Thunderbird.
    Copy to ..AppThunderbird

    Create Thunderbird portable in your language (with thunderbird-setup.exe)
    You can also use my “Portable-Thunderbird Maker” for this
    http://svsload.com/wd/portable-thunderbird-maker/

  7. Larry said on July 7, 2010 at 10:43 pm
    Reply

    Portable apps are great. There’s a TrulyMail Portable and a Thunderbird Portable (have used both and love them both) but I don’t know why Microsoft never built an Outlook Portable.

    Securing with TrueCrypt is also a great idea (I do it). Portable and secure… what more could you want?

  8. feh said on July 6, 2010 at 2:17 pm
    Reply

    mmm…as for me I prefer to use Protemac LoginTrap (protemac.com)

  9. Larry said on June 29, 2010 at 2:18 am
    Reply

    Isn’t there a way to start Thunderbird without add-ons (I’m thinking of something like Safe Mode)?

    I don’t know why Thunderbird doesn’t put this in. It is so simple to do and TrulyMail has had it for quite a while. Just a simple password to ‘keep honest people honest.’

    1. Martin said on June 29, 2010 at 8:20 am
      Reply

      Larry yes, Safe Mode is an option. It is also possible to access the mails directly in the profile or delete the extension there.

  10. Rich Janitor Review said on June 28, 2010 at 2:55 pm
    Reply

    Great tips. I think the password add-on option is a good one. It should be enough to stop the casual snooper. Encryption is probably more than I need, but it is good to have that as an option as well.

    1. Martin said on June 28, 2010 at 3:10 pm
      Reply

      Password protection works if the other users accessing the PC are not that tech-savvy and not that interested in snooping. It does not make lots of sense to install it on a one-user PC though, I think.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.