When are you going to make the master password a "real" master password

I must type my Master Password for each protected email account I have 
(4). This is really annoying. The bug has been open since 2010 or so...

Nothing fancy, just bug fixing...

-- eric
0
Eric
3/11/2018 11:29:46 AM
mozilla.support.thunderbird

On 11/03/18 11:29, Eric Valette wrote:
> I must type my Master Password for each protected email account I have (4). This is really annoying. The bug has been open since 2010 or so...
>
> Nothing fancy, just bug fixing...
>
> -- eric
Well, I have been using the Startup Master add-on to work around this problem. But recently I stopped to think about why I am using the Master Password at all.

What does it do for me that the OS's user account and password don't already do?

I have switched off the Master Password and dumped Startup Master.
-- 
Chris
0
Chris
3/11/2018 11:55:33 AM
On 3/11/2018 7:55 AM, Chris Ramsden wrote:
> On 11/03/18 11:29, Eric Valette wrote:
>> I must type my Master Password for each protected email account I have (4). This is really annoying. The bug has been open since 2010 or so...
>>
>> Nothing fancy, just bug fixing...
>>
>> -- eric
> Well, I have been using the Startup Master add-on to work around this problem. But recently I stopped to think about why I am using the Master Password at all.
> 
> What does it do for me that the OS's user account and password don't already do?
> 
> I have switched off the Master Password and dumped Startup Master.
> 
If you want to eliminate the typing of passwords, you could set them 
up as strings in an addon like Clippings.  When you want to use the 
password, pop up Clippings and insert the password in the proper blank.

Clippings is available for Firefox and Thunderbird.

0
Keith
3/11/2018 12:36:47 PM
On 2018-03-11 7:29 AM, Eric Valette wrote:
> I must type my Master Password for each protected email account I have 
> (4). This is really annoying. The bug has been open since 2010 or so...
> 
> Nothing fancy, just bug fixing...

From your wording "When are you going to...", I get the feeling that 
you think the people here are developers or Mozilla employees. They're 
not. The people that answer questions here are users just like you, 
volunteering their time.

If you already know the bug number, you can get updates on the progress 
of the bug by creating a bugzilla account, and adding yourself to the CC 
list of the bug.

If you want to fix the bug, remember to check the assignee field to see 
if anyone else is assigned the bug. Thanks.

-- 
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator
0
Chris
3/11/2018 3:42:22 PM
On 11/3/2018 19:29, Eric Valette wrote:
> I must type my Master Password for each protected email account I have
> (4). This is really annoying. The bug has been open since 2010 or so...
>
> Nothing fancy, just bug fixing...

I really think it's a BAD idea to store passwords in browsers and email 
clients.

Secure yourself, don't do it! ;)

-- 
   @~@   Remain silent! Drink, Blink, Stretch! Live long and prosper!!
  / v \  Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
   ^ ^   (x86_64 Ubuntu 9.10)  Linux 2.6.39.3
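No borrowing! No fraud! No gambling! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance 
(CSSA):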
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
0
Mr
3/11/2018 3:51:12 PM
On 11/3/2018 23:51, Mr. Man-wai Chang wrote:
>
> I really think it's a BAD idea to store passwords in browsers and email
> clients.
>
> Secure yourself, don't do it! ;)

And if your brain is too old to remember passwords, use a separate 
password manager (e.g. KeePass). *AVOID* a direct, easy transfer 
between passwords and applications.

-- 
   @~@   Remain silent! Drink, Blink, Stretch! Live long and prosper!!
  / v \  Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
   ^ ^   (x86_64 Ubuntu 9.10)  Linux 2.6.39.3
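No borrowing! No fraud! No gambling! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance 
(CSSA):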
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
0
Mr
3/11/2018 3:55:36 PM
Chris Ilias wrote on 3/11/2018 9:42 AM:
> On 2018-03-11 7:29 AM, Eric Valette wrote:
>> I must type my Master Password for each protected email account I 
>> have (4). This is really annoying. The bug has been open since 2010 or 
>> so...
>>
>> Nothing fancy, just bug fixing...
> 
> From your wording "When are you going to...", I get the feeling that 
> you think the people here are developers or Mozilla employees. They're 
> not. The people that answer questions here are users just like you, 
> volunteering their time.
> 
> If you already know the bug number, you can get updates on the progress 
> of the bug by creating a bugzilla account, and adding yourself to the CC 
> list of the bug.
> 
> If you want to fix the bug, remember to check the assignee field to see 
> if anyone else is assigned the bug. Thanks.

Chris, since the "bug" has been around since 2010, he needs a little 
help. Contacting developers through "proper" channels has always been a 
mixed bag with Mozilla. There needs to be a forum for users to ask, 
suggest, demand certain development actions and a filter to carry 
appropriate messages to the back room. Every week or two someone uses 
these support forums to ask why some bug older than the hills is still a 
bug. Don't you think that after 8 years(!) either 1) the bug should be 
fixed or 2) an annotation should be added that says either a) this isn't 
a bug or b) it's a bug but we don't care. There seems to be a rather 
disdainful attitude towards user-reported bugs and that leads to these 
sort of threads.

Perhaps as our moderator, you could carry this message to the back room?
-- 
Jeff Barnett
0
Jeff
3/11/2018 6:12:37 PM
On 3/11/18 7:12 PM, Jeff Barnett wrote:

> Chris, since the "bug" has been around since 2010, he needs a little 
> help. Contacting developers through "proper" channels has always been a 
> mixed bag with Mozilla. There needs to be a forum for users to ask, 
> suggest, demand certain development actions and a filter to carry 
> appropriate messages to the back room. Every week or two someone uses 
> these support forums to ask why some bug older than the hills is still a 
> bug. Don't you think that after 8 years(!) either 1) the bug should be 
> fixed or 2) an annotation should be added that says either a) this isn't 
> a bug or b) it's a bug but we don't care. There seems to be a rather 
> disdainful attitude towards user-reported bugs and that leads to these 
> sort of threads.
> 
> Perhaps as our moderator, you could carry this message to the back room?

Bug 643265 is marked as fixed but in fact never has been.
Bug 1180374 is identical and has many duplicates.

So except for making bad publicity by saying the devs are unable to fix a 
known bug that each day asks me to enter a master password 4 times each 
time I start TB, I'm a bit out of solutions.

-- eric


0
Eric
3/12/2018 8:01:25 AM
On 3/12/18 4:01 AM, Eric Valette wrote:
> On 3/11/18 7:12 PM, Jeff Barnett wrote:
>
>> Chris, since the "bug" has been around since 2010, he needs a little 
>> help. Contacting developers through "proper" channels has always been 
>> a mixed bag with Mozilla. There needs to be a forum for users to ask, 
>> suggest, demand certain development actions and a filter to carry 
>> appropriate messages to the back room. Every week or two someone uses 
>> these support forums to ask why some bug older than the hills is 
>> still a bug. Don't you think that after 8 years(!) either 1) the bug 
>> should be fixed or 2) an annotation should be added that says either 
>> a) this isn't a bug or b) it's a bug but we don't care. There seems 
>> to be a rather disdainful attitude towards user-reported bugs and 
>> that leads to these sort of threads.
>>
>> Perhaps as our moderator, you could carry this message to the back room?
>
> Bug 643265 is marked as fixed but in fact never has been.
> Bug 1180374 is identical and has many duplicates.
>
> So except for making bad publicity by saying the devs are unable to fix a 
> known bug that each day asks me to enter a master password 4 times each 
> time I start TB, I'm a bit out of solutions.
>
> -- eric
>
>

So are you using Gmail with OAuth2 enabled?

https://bugzilla.mozilla.org/show_bug.cgi?id=1176399

You might be interested in this blog post by the developer of Adblock 
Plus and other extensions.

https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother

-- 
Best name ever! Cadet Bone Spurs
Coexist <https://www.coexist.org/>
National Popular Vote <http://www.nationalpopularvote.com/>
Ubuntu 16.04LTS - Unity Desktop

0
WaltS48
3/12/2018 1:42:23 PM
On 03/12/2018 02:42 PM, WaltS48 wrote:

>> Bug 643265 is marked as fixed but in fact never has been.
>> Bug 1180374 is identical and has many duplicates.

> So are you using Gmail with OAuth2 enabled?

Not on all machines, but enabling it prompts for one more passwd...

-- eric


0
Eric
3/12/2018 3:22:19 PM
On 03/12/2018 02:42 PM, WaltS48 wrote:

> You might be interested in this blog post by the developer of Adblock 
> Plus and other extensions.
> 
> https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother 

This is interesting but not relevant: this explains that the way the 
passwords are stored is cryptographically bad, but at some point in time, 
without a master password, they were even stored in clear or ROT13...

Changing the crypto for SHA512 or whatever is a solution to this problem.

And BTW I also use keepassxc for many things but not for email.

-- eric



0
Eric
3/12/2018 3:28:26 PM
On 2018-03-12 4:01 AM, Eric Valette wrote:

> Bug 643265 is marked as fixed but in fact never has been.
> Bug 1180374 is identical and has many duplicates.
> 
> So except for making bad publicity by saying the devs are unable to fix a 
> known bug that each day asks me to enter a master password 4 times each 
> time I start TB, I'm a bit out of solutions.

Unless you know the code, let's stay away from making judgment calls 
about how easy the bug is to fix.

As a workaround, you could try setting only one account to check for 
messages at startup, then click on the down-arrow beside [Get Messages], 
and click "Get All New Messages".

To set an account not to check for messages at startup, go to 
[=]-->Preferences-->Account_Settings-->[Your_account_name]-->Server_Settings, 
then disable "Check for new messages at startup".

-- 
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator
0
Chris
3/12/2018 4:29:45 PM
Eric Valette wrote:
> WaltS48 wrote:
>> You might be interested in this blog post by the developer of Adblock 
>> Plus and other extensions.
>> https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother 
> 
> This is interesting but not relevant: this explains that the way the 
> passwords are stored is cryptographically bad, but at some point in time, 
> without a master password, they were even stored in clear or ROT13...

Yeah, those were the days... For humorless types we used ROTFL13.

-p

0
PietB
3/14/2018 10:54:26 AM
On 3/11/18 4:55 PM, Mr. Man-wai Chang wrote:

> And if your brain is too old to remember passwords, use a separate 
> password manager (e.g. KeePass). *AVOID* a direct, easy transfer between 
> passwords and applications.

On the other hand, if you remember all the passwords you use, they are 
probably not lengthy enough, easy to remember and thus easy to crack, 
and not different for each account...

-- eric



0
Eric
3/18/2018 11:15:08 AM