I use Thunderbird portable on my usb flash drive at uni and everywhere else. Privacy of email is absolutely important to protect against identity theft. Portable Thunderbird is a beautiful portable app with some really great features except for the one I need the most, and that is a password protection feature. Before accessing any emails, there needs to be a requirement to enter the correct password. I've heard some arguments that users should instead rely on user accounts within the operating system, but this is hardly relevant for a portable app since you often would not be using your own computer. Another argument is that password protection may not be a very secure type of protection, however I think most people are not hackers and most people also would not be interested enough to try and get around the password. I think the protection is mostly useful to guard against casual or amateur prying rather than professional hacking. However, even the most simple password protection has not been included in Thunderbird to my knowledge. Is there anyone else who is interested in this feature?
New: fdmPortable / Free Download Manager (Apr 29, 2024), Platform 29.5 (Apr 24, 2024)
1,100+ portable packages, 1.1 billion downloads
Please donate today
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
It's called the master password.
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
but of course not the mails, addresses, account settings or other data itself, mails are still stored in plain text on the drive readable for everyone.
So while it will become difficult to missuse the stored accounts (password will be missing), the mails are fully open still.
There is also an extension called 'profilepassword' , this will simply ask a password when someone tries to open the GUI, but of course also here, all data and mails and addresses etc are provided in plain text on the drive, no hacking or password cracking needed, just notepad.exe
I am still confused with why someone likes to take the extra step to enter again one more password when all data are still readable for everyone without any tricks to bypass' passwords etc.
Otto Sykora
Basel, Switzerland
You are not the only one who is still confused. Thunderbird as a portable app should come encapsulated in its own encrypted container or other such feature to protect "data" from being opened by a text editor. I mean come on, let's be fair dinkum about this, what kind of data do people store in their email account? As for me, I have a gmail account and I use gspace to backup all my crucial data, some of which pertains to banking and finance, as well as system logs and suchlike. Furthermore, every time you take membership in a site, they email to you your username and password and of course you don't want anyone else to access this email. So bearing all this in mind, I think in this scenario the very idea of portable email is a ridiculous notion in the first place because of its inherent security risk. It is only useful if you use email for innocuous non-personal, non-sensitive conversations, and not for 'normal' email pertaining to memberships or data backup. In which case it's not a very useful email account is it.
The only solution to this that I can find is to run portable Truecrypt and keep the Thunderbird folders inside the encrypted container. It just seems a jolly nuisance to have to run another program before I can run Thunderbird. Actually, I think webmail is far easier except when internet access is not available, but occasions and locations where this is likely to be the case are few and far in between in this day and age.
Martin
in that if you would lose your usb or whatever portable hard-drive you may use, then yes, the need for encryption is a high priority.
If there are sensitive items, keep them on the server that feel is most secure and don't download them to your Local Folders.
Don't be an uberPr∅. They are stinky.
this is one of the drawbacks of thunderbird, I assume this is something historical.
This can not be changed here, the mozilla devs have to make one day something new.
And note: Thunderbird is not a portable app itself, it is jsut one of many apps wrapped to become portable by portableapps.com.
I don't know about the behavior of other mail clients in recent times in detail, well outlook had always a kind of internal obfuscation of the contents, OE was not easy to read, but possible, earlier mail clients were simply build so they store all in some kind of plain text format. Most mail clients have infos stored more or less human readable still, apart from those 'big' once as outlook.
One can put all into a container like truecrypt, but it is not portable very much as it needs admin rights on the host machine.
There is simply no solution to the problem apart from some hardware encryption stick.
I am using: http://www.corsair.com/usb-drives/padlock.html
----
Had just quick look how other mail clients apart from outlook store data.
DreamMail: mails are in .eml format, which is simple text file, message source in fact.
Windows Live Mail, the current free mail client from MS: stores mails in .eml format
All plain text, each mail single file, with date and time.
Would probably find out that other simple mail clients like incredimail and similar toys behave compatible.
Otto Sykora
Basel, Switzerland
How about the ago-old solution of putting ThunderbirdPortable (or any other app for that matter) inside a TrueCrypt/FreeOTFE encrypted container. Of course you have all the problems associated with that, namely that admin rights are required, but it is a solution if data security is paramount.
What about this extension? https://addons.mozilla.org/en-US/thunderbird/addon/master-password/
It was already stated that something like a master password is easily bypassed, and doesn't do anything to protect the actual data. All the emails are still readable directly from the disk.
In addition, if you look about halfway down the page on that link you'll see that it states:
.
So, this is not the solution.
the whole text - too quick on the draw
does protect all other passwords stored in the password store of the app, it does not protect any other data as mails etc. Those remain stored in text, readable for everyone within the profile.
Otto Sykora
Basel, Switzerland
Not long ago, it would have been prohibitively expensive to get a flash drive with hardware-level security. But now, just Google "Secure Flash Drive" and you get a wide range of prices and solutions.
IronKey is still expensive, but there are plenty of others that use a variety of different security systems, including combination locks and fingerprint swipers.
A lot of these are very affordable.
Sure they are more expensive than your generic Staples flash drive, but if security is really a concern, then you should be willing to spend a little more to protect your info.
I made this half-pony, half-monkey monster to please you.
Use truecrypt to encrypt the USB or part of it. Else try OTFE as I think that overcomes to a limited extent Admin rights issues.