How To Password Protect The Email Client Thunderbird - gHacks Tech News

How To Password Protect The Email Client Thunderbird

Password protection is not enabled by default in the email client Mozilla Thunderbird. Anyone with access to the computer system may open Thunderbird, read the emails and look at contacts and other information stored in the software.

This lack of protection could be a problem if multiple users are using the computer or if other users have (theoretical) access to the PC which is often the case at work.

The following guide reviews two options on how to protect the Thunderbird email client to prevent unauthorized access to the data.

Password Protection Add-on

Thunderbird, just like Firefox, supports add-ons. Add-ons are small programs that increase or change the functionality of the email client.

Profile Password is a Thunderbird add-on that offers the means to password protect a Thunderbird profile. The extension adds a new entry to the Tools menu of the email client.

profile password
profile password

Thunderbird displays a password form on startup once a password has been set in the extension's options.

This protection is generally considered to be weak, largely because of options to circumvent the protection. It is for instance possible to access the mails and other information directly in the Thunderbird profile directory.

It might provide enough protection in some situations but technical users will find a way around it eventually. This protection becomes stronger if IMAP accounts are used since the emails are by default not downloaded to the local computer system. Thunderbird 3 on the other hand makes use of email synchronization by default which downloads the messages to the local PC. This feature needs to be disabled in Account Settings --> Synchronization & Storage.

Using Encryption

Profile encryption is the only available option to protect a Thunderbird profile completely from access by third parties. The encryption software True Crypt is a popular choice as it is available for Windows, Linux and Mac.

See Create a secure data safe with True Crypt for pointers on how to create an encrypted partition or container on your computer.

It's more complicated to setup but yields the highest possible protection. The basic concept is to create an encrypted container or partition on the computer before moving the Thunderbird profile folder there.

Existing profiles need to be moved to the new location and Thunderbird configured to use that new location for storage.

The encrypted storage container needs to be mounted before Thunderbird can access the profile. The user basically needs to enter the password to decrypt the storage. This has to be done at least once in every computing session in which Thunderbird is needed. At least once means that it depends on the user's handling of the encrypted storage after Thunderbird has been used. Some users might prefer to unmount the encrypted container to protect Thunderbird efficiently while others might prefer to keep it mounted to be able to access emails in Thunderbird faster.

Summary
software image
Author Rating
1star1star1star1stargray
no rating based on 0 votes
Software Name
Profile Password
Software Category
Email
Landing Page




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Rich Janitor Review said on June 28, 2010 at 2:55 pm
      Reply

      Great tips. I think the password add-on option is a good one. It should be enough to stop the casual snooper. Encryption is probably more than I need, but it is good to have that as an option as well.

      1. Martin said on June 28, 2010 at 3:10 pm
        Reply

        Password protection works if the other users accessing the PC are not that tech-savvy and not that interested in snooping. It does not make lots of sense to install it on a one-user PC though, I think.

    2. Larry said on June 29, 2010 at 2:18 am
      Reply

      Isn’t there a way to start Thunderbird without add-ons (I’m thinking of something like Safe Mode)?

      I don’t know why Thunderbird doesn’t put this in. It is so simple to do and TrulyMail has had it for quite a while. Just a simple password to ‘keep honest people honest.’

      1. Martin said on June 29, 2010 at 8:20 am
        Reply

        Larry yes, Safe Mode is an option. It is also possible to access the mails directly in the profile or delete the extension there.

    3. feh said on July 6, 2010 at 2:17 pm
      Reply

      mmm…as for me I prefer to use Protemac LoginTrap (protemac.com)

    4. Larry said on July 7, 2010 at 10:43 pm
      Reply

      Portable apps are great. There’s a TrulyMail Portable and a Thunderbird Portable (have used both and love them both) but I don’t know why Microsoft never built an Outlook Portable.

      Securing with TrueCrypt is also a great idea (I do it). Portable and secure… what more could you want?

    5. Thunder-man said on July 7, 2010 at 9:37 pm
      Reply

      Hi,
      I had read this article and came up with the idea
      to protected the TB Profil with TrueCrypt. (automatically)

      Thunderbird Portable – TC
      http://svsload.com/wd/thunderbird-portable-tc-mit-profil-passwortschutz/

      Is in German, but you can use any Thunderbird.
      Copy to ..AppThunderbird

      Create Thunderbird portable in your language (with thunderbird-setup.exe)
      You can also use my “Portable-Thunderbird Maker” for this
      http://svsload.com/wd/portable-thunderbird-maker/

    6. [email protected] said on September 9, 2010 at 5:49 pm
      Reply

      thank you so much for teaching us about the email client thunder.

    7. mb said on July 1, 2012 at 3:12 am
      Reply

      I’m sooo surprised that Thunderbird hasn’t implemented yet profile encryption … something that should have been done long ago. It reminds me the non-existent security in very early windows.

    8. Sony V said on August 30, 2012 at 2:12 pm
      Reply

      There is one thing that has been bothering me about Profile Password. How do I reset the password here in case I forget it? The only option that I am currently having is to start Thunderbird in safe-mode and uninstall the addon. If I try to install it again, I am prompted for the password. Doesn’t the previous password get deleted when I uninstall the addon? If not in which file is it getting saved? I have tried searching for it but have not been succesful. Any help provided would be much appreciated. Thanks.

    9. Mauldi said on February 22, 2013 at 11:29 am
      Reply

      The best way is using addon in thunderbird.

      This addon is working they way we all wanted.
      https://addons.mozilla.org/en-US/thunderbird/addon/master-password/?src=search

      Hope it’s what you all need..

    10. Mo said on December 29, 2013 at 1:00 pm
      Reply

      Hey
      I hat it, that I’m able to see my already downloaded emails etc. in Thunderbird even without logging in with my password. All I need is jut X the insert password box.
      Is there a way to not only protect from downloading new messages by password but also protect from reading and modifying the account by password?
      thanks a lot

      1. Martin Brinkmann said on December 29, 2013 at 1:37 pm
        Reply

        Not from within Thunderbird, but you can encrypt your mailboxes, for instance by creating a TrueCrypt container, placing it inside, and making sure they are linked properly from Thunderbird (or the full Thunderbird profile).

        1. Mo said on December 29, 2013 at 2:28 pm
          Reply

          Ok Thanks thats a good version.
          For my purpose, i found that the add on startup master works as well.
          cheers

    Leave a Reply