No password Thunderbird
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway. --doug
On 2021-03-27 8:45 p.m., Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway. --doug
The TBird password does not protect anyone from reading your email. It protects the passwords you use to fetch and send email.
On 3/28/21 2:31 AM, Darryl Gregorash wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway. --doug The TBird password does not protect anyone from reading your email. It
On 2021-03-27 8:45 p.m., Doug McGarrett wrote: protects the passwords you use to fetch and send email. Even more reason to ditch this password. I check email 3 - 4 times a day. I reflexively close the file each time, so I need the d---ed password every time. So somehow I have defeated that. How? --doug
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 3/28/21 6:11 AM, Carlos E. R. wrote:
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc. And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one. --doug
On 28/03/2021 19.16, Doug McGarrett wrote:
On 3/28/21 6:11 AM, Carlos E. R. wrote:
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc.
That's not the problem. Someone may claim it is you by using your email. The bank is just an example, it can be any other business unknown to you. It can be something as simple as sending spam in your name.
And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one.
Irrelevant. Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On Sun, 28 Mar 2021 21:28:00 +0200 Carlos E.R. wrote:
On 28/03/2021 19.16, Doug McGarrett wrote:
On 3/28/21 6:11 AM, Carlos E. R. wrote:
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc.
That's not the problem. Someone may claim it is you by using your email.
The bank is just an example, it can be any other business unknown to you.
It can be something as simple as sending spam in your name.
And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one.
Irrelevant.
Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out.
Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable? -- Bob Williams System: Linux 5.3.18-lp152.50-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5 https://useplaintext.email/
On 2021-03-29 12:51 a.m., Bob Williams wrote:
On Sun, 28 Mar 2021 21:28:00 +0200 Carlos E.R. wrote:
Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out.
Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable?
Unless you are using a third-party password manager, you passwords are probably stored in plain-text, so unless you are absolutely certain that no unauthorized person will ever gain access to your computer, they are vulnerable.
Am 29.03.21 um 08:51 schrieb Bob Williams:
... Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable?
I don't know anything about claws. There is already a default master password on Thunderbird, probably a blank, it is the same on millions on Thunderbirds. So, if someone gets access to my computer, e.g. via buggy software, he/she might set a master password simply because he/she can and I have a problem. If I set passwords where I can, I avoid at least that problem. BTW, Firefox also allows a master password. "Firefox can save usernames and passwords that you use to access online services, such as banking and email websites. If you share a computer with anyone, it is recommended that you use a primary password." Peter
On 29/03/2021 08.51, Bob Williams wrote:
On Sun, 28 Mar 2021 21:28:00 +0200 Carlos E.R. wrote:
On 28/03/2021 19.16, Doug McGarrett wrote:
On 3/28/21 6:11 AM, Carlos E. R. wrote:
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc.
That's not the problem. Someone may claim it is you by using your email.
The bank is just an example, it can be any other business unknown to you.
It can be something as simple as sending spam in your name.
And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one.
Irrelevant.
Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out.
Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable?
If someone ever gains read access to your computer, be it somebody in the house, or that your computer is stolen, or your computer is hacked, they can at least read your files and read the password out from some file, which of course they have to know which file it is and that it not protected. Some programs may cipher the password file somehow, but without a password. For example, the system password that you use to login. Some programs store the password in clear text, the only protection being the file permissions: for example, fetchmail. So the danger is relative. However, the need to protect email is bigger now that it was in the past, because many companies provide some kind of remote access and the email is often the identification factor (that you can send and receive with that address). Banks are also using the smart mobile phone, I hope they would not directly trust an email, but who knows. You could email your bank manager whom you know personally and tell them to prepare the sale of some shares or funds, for example. I would not trust a bank remembering that you told them you never use email, the bad guy can say you (I) broke a leg and can not go to the branch in person :-p -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On Mon, 29 Mar 2021 07:51:09 +0100 Bob Williams <usenet@karmasailing.uk> wrote:
On Sun, 28 Mar 2021 21:28:00 +0200 Carlos E.R. wrote:
On 28/03/2021 19.16, Doug McGarrett wrote:
On 3/28/21 6:11 AM, Carlos E. R. wrote:
On 28/03/2021 04.45, Doug McGarrett wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway.
You are wrong. Your email can bu used to steal your identity and then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc.
That's not the problem. Someone may claim it is you by using your email.
The bank is just an example, it can be any other business unknown to you.
It can be something as simple as sending spam in your name.
And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one.
Irrelevant.
Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out.
Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable?
claws-mail encrypts the passwords in ~/.claws-mail/passwordstorerc So most of what people have said is wrong. But if 'they' got access to my machine, then they could run claws to send mail. I've no real idea what else they could accomplish.
On 3/29/21 2:51 AM, Bob Williams wrote:
On Sun, 28 Mar 2021 21:28:00 +0200 Carlos E.R. wrote:
On 28/03/2021 19.16, Doug McGarrett wrote:
On 3/28/21 6:11 AM, Carlos E. R. wrote:
Somehow I have accidentally set Thunderbird to open without a password. It's wonderful! It was a royal pita! Now in case it changes back, or if a zypper dup changes it back, I'd like to know how to do it on purpose. I have no reason to need a password for my email. I have no secrets on it, and no porn. If someone should get in and read it, so what? And there's nobody here to read it but me anyway. You are wrong. Your email can bu used to steal your identity and
On 28/03/2021 04.45, Doug McGarrett wrote: then the money in your bank or any other business with an internet presence. Or do harm to others, in your name.
My identity is listed on the outgoing mail every time. My bank information is not included in any mail, or even anywhere on my computer. I actually go to the bank when I need to deposit or cash a check, etc. That's not the problem. Someone may claim it is you by using your email.
The bank is just an example, it can be any other business unknown to you.
It can be something as simple as sending spam in your name.
And Darryl Gregorash says that the password only protects the p/w used to receive and send mail, not the contents thereof. I am not suggesting that the system logon p/w or the su - p/w should be eliminated, only the email one. Irrelevant.
Once they have your password to send and receive, they get the contents and they read them (and write them). Then they change the password and you are out.
Interesting. I use Claws-Mail rather than Thunderbird. I do not need a 'master' password in Claws-Mail, although every email account within CM needs its own login password. But that is a set once and forget operation. But from what you're saying, Carlos, I am somehow vulnerable?
It's irrelevant now. On reboot, T/B goes back to requiring password. I looked at claws mail once, but it wants information I can't supply, whereas T/B finds out for itself. Thanks for the info--doug
participants (7)
-
Bob Williams -
Carlos E. R. -
Carlos E.R. -
Darryl Gregorash -
Dave Howorth -
Doug McGarrett -
Peter McD