Both Firefox and Thunderbird store their Master Passwords separately. If you happen to import from an older Netscape or Mozilla profile and set a master password in that profile, Firefox and Thunderbird both inherit that master password.
The Password Management section of Thunderbird can be accessed by going to Tools | Options | Advanced. Under the Saved Passwords section, you can manage your Stored Mail password settings as well as set a Master Password for your account. Note that the Password Manager functionality in Thunderbird is based on the same principles as those in Firefox, so there will be some overlap here between what is discussed in Chapter 2, "Protecting Your Security and Privacy." I have elected to go into a little more depth discussing the Master Password settings than what was covered in Chapter 2.
Managing Your Stored Mail Passwords
Clicking View Saved Passwords allows you to manage your stored passwords. See Chapter 2 for more information about the Password Manager functionality as well as some screenshots.
What Is a Master Password?
A master password is a mechanism that can be used to protect different types of devices (both software and hardware devices). Both Thunderbird and Firefox have built-in Software Security devices, so you are able to use a master password to manage the information that is stored on the device (literally, the software).
If you work in an office, someone probably has the master key to the office (and, if you are like me, you are usually trying to find that person when the alarm in the Riser Room is going off for no apparent reason...and Sparky is whiningwell, that's another story...). While the Master Password is not actually the Master Key in this instance, it does protect the Master Key, which is the mechanism used to protect potentially sensitive datathings such as your email password or certificates, for example.
Why Would You Want to Set a Master Password?
You might be using a machine that other people have access to, and you don't want them to be able to download any new messages or send any messages from your account. If you have saved passwords and then set a Master Password, Thunderbird protects the saved passwords by prompting you for the Master Password when you click View Saved Passwords.
When you click Show Password in the Password Manager dialog box, Thunderbird prompts you for the Master Password before you are allowed to see the saved password information.
Setting a Master Password
In addition to being able to store your saved passwords, Thunderbird allows you to set a Master Password for your mail accounts. Follow these steps to set your Master Password:
An Extra Layer of Security Encrypting Versus Obscuring
"Encrypting" data and "obscuring" data are two very different animals. If you elect to save your mail passwords by using the Password Manager functionality built into Thunderbird, this information is stored locally on your computer in a file that is fairly difficult to crack (but it can be done). If you enable the check box in the first section that says "Use a master password to encrypt stored passwords," this file is then encrypted, making it extremely difficult for someone to open or view it.
Change Master Password
As shown in Figure 11-7, clicking Change Master Password launches a screen that allows you to change or set your Master Password. Make certain to pick a password that you will rememberif you forget your Master Password and have to reset it, you will lose all of your stored passwords. It also helps you to rely on the password quality meter when selecting a passwordusing combinations of numbers, letters (uppercase and lowercase), and symbols is always a good idea. Remember, if someone gets the master password to your account, he can easily masquerade as you in a number of ways.
Figure 11-7. The Thunderbird Change Master Password screen.
Master Password Timeout
You can use these settings to manage how often you want to be prompted for a Master Password. To be extra cautious, it might be wise to set the preference to "Every time it is needed."
Reset Master Password
Resetting your Master Password causes you to lose all your stored passwords as well as any certificates or keys.
Although Thunderbird contains features that can help protect your privacy and security, there are no magic bullets for trying to eliminate practices such as phishing. Spyware, worms, and viruses may be transmitted via email messages, but you can also unknowingly download them from a website, and when installed on your computer they can affect your email that may be stored locally. Remote image blocking and configuring your spam controls are two ways Thunderbird can help, but the onus is still on you to err on the side of caution when an email just doesn't "look right." One of the best ways to protect yourself is to make sure to use a good anti-virus program to scan your inbound and outbound email and to always keep your virus definitions up to date. Be cautious, watch your step, take your vitamins, and always remember to use real maple syrup on your pancakes.