You are here

How to secure portable thunderbird?

11 posts / 0 new
Last post
chobo2
Offline
Last seen: 13 years 11 months ago
Joined: 2007-04-27 16:41
How to secure portable thunderbird?

Hey

I am wondering how do I secure portable thunderbird. Like right now if someone gets my usb key they can just open thunderbird up and see all my messages and email accounts. I put a master password on but you still can see my email accounts when thunderbird loads up.

Also this stops no one from just going to the folders where the messages get stored and snoop around in the profile.

Since I am using it as a portable device and most places I don't get admin rights for so I can encrypt my stuff with like truecrypt.

ottosykora
Offline
Last seen: 11 hours 17 min ago
Joined: 2007-10-11 17:48
you can't

in general

but, you could use encryption for the mails, so at least the mail contents are secure.
Under normal operation, mails are stored as text on your drive, so passwords are for the gui operation, the mails itself can be kind of read, if are able to search between the headers etc.

The next step would be to have the whole on an encrypted volume like turecrypt or similar, but this requires admin rights since drivers has to be set up each time you are going to use it on each host.

Next step would be to use hardware encrypted usb stick, there are often somewhat more expensive, but will do the the job definitely.

Otto Sykora
Basel, Switzerland

efs710920mex
Offline
Last seen: 14 years 7 months ago
Joined: 2010-04-27 14:10
Why not secure the entire USB drive

You can use TrueCrypt to create a secure USB (encrypted) and then not only your mail, but all your information will be secure. I use it at work. I share the computer with several other users, so I don't want my mail to be expose. I create a hidden drive and then use it as a flash drive to keep all my portable apps.

http://www.truecrypt.org/

I can be easily installed and used. It has full instructions about how to create a volume. Any doub, mail me, I've been using it for years now.

Jimbo
Offline
Last seen: 4 years 10 months ago
Joined: 2007-12-17 05:43
you missed a bit

... and it requires administrator access to mount the volume on each and every PC that you ever visit, unless the administrator of the PC has pre-installed TrueCrypt on it in advance.

Don't get me wrong, I have a 4GB TrueCrypt volume on my 32GB Flash drive, and use it for all my private and confidential stuff, leaving only the parts I don't mind sharing with anyone who happens to steal my key on the other 28GB Smile

But it does mean that I can't trivially get to the rest of it when I'm on a strange computer.

There is TCExplorer, which may be out of date, but still works perfectly well provided that you create the volumes with an older version of TC so teh header format can be understood by it, but all that would allow you to do is copy the app/data off the TC volume onto the C: drive, and then copy it back after you were done.

Exactly the same issues and caveats apply to FreeOTFE which is also available as a paf installer, but still needs admin rights to be able to mount.

d.bear
Offline
Last seen: 6 years 3 months ago
Joined: 2007-12-27 17:29
don't care about running on strange computers

I'm not nearly as worried about running on a strange computer as I am losing the USB Drive.

As mentioned above, TrueCrypt. My USB Drive has:

  • a TrueCrypt folder with the TrueCrypt executable and the truecrypt*.sys files,
  • a very big PortableApps.tc file.

Then all personal stuff, including Thunderbird Portable is inside the encrypted drive.

Pumbah
Offline
Last seen: 9 years 8 months ago
Joined: 2009-09-02 07:04
Next step would be to use

Next step would be to use hardware encrypted usb stick, there are often somewhat more expensive, but will do the the job definitely.

Unfortunately these require Admin rights, too.

ottosykora
Offline
Last seen: 11 hours 17 min ago
Joined: 2007-10-11 17:48
not all

>

Next step would be to use hardware encrypted usb stick, there are often somewhat more expensive, but will do the the job definitely.

Unfortunately these require Admin rights, too.

Otto Sykora
Basel, Switzerland

fcoulter
Offline
Last seen: 2 years 6 months ago
Joined: 2010-05-29 17:10
Padlock 2?

Are there any competitors for the Padlock 2? It seems a bit pricey, but may be worth it. But competitors would keep the price as low as possible, while maintaining a bit of profit for the vendor.

How fast is it compared to other drives?

How often do you have to enter the password? Just when you stick it in the drive?

How long does it last? (I've heard that a heavily used usb probably should be replaced once a year. Is this a good estimate?)

Fred

ottosykora
Offline
Last seen: 11 hours 17 min ago
Joined: 2007-10-11 17:48
there are some

there are some drives with finger print sensor instead of the number keys.

Padlock is ok, but the speed of the actual stick inside is not very great, it is rather one of the slow multilevel chipsets in it. Something like read 12, write 7 or so.

Each time you want connect the padlock to the host you have to enter the keys before. Then it is open for few secs and will remain open while connected to the host.
When disconnected, after few secs the drive is locked.
There is also some master password in case you forget the actual one, and there is always a way to reformat the stick and start again.

How long it lasts? No idea, like all the rest of the things. There is some warranty on it for dont know how many years, but you know that this is all jokes only. If the connector breaks it is broken. But it comes with short extension cable, so you dont have to stick it straight into the laptop, but can have it on desk connected with softer cable.

All together seems not so bad , my TB with gpg and similar are stored now only in this thing when under way.

Otto Sykora
Basel, Switzerland

RPMRat
Offline
Last seen: 13 years 7 months ago
Joined: 2009-07-31 08:39
Not true

Hardware encryption doesn't require admin rights.

Truecrypt won't even start up unless you have admin rights.

ottosykora
Offline
Last seen: 11 hours 17 min ago
Joined: 2007-10-11 17:48
admin rights

>Hardware encryption doesn't require admin rights.

Otto Sykora
Basel, Switzerland

Log in or register to post comments