[sylpheed:32953] feature request - master password to protect all account passwords

stef stef_204 at yahoo.com
Sat May 2 01:03:03 JST 2009


I wanted to suggest what I feel would be an important feature:  implementing a master password to protect all other account/server passwords.

For example, I use quite a few email accounts and all are IMAP with SSL.

I cannot remember all the passwords "mentally" so I tell Sylpheed to store them for me.

However, this leads to a security risk in that anybody could theoretically start up my Sylpheed client and download and read all my emails, on any accounts, etc.

Mozilla has an excellent counter-measure for this security problem in that they have implemented a master password that is requested of the user to access any other password, or protected email accounts.

This raises the security level.  I believe it is done on a "per session" basis.

Sure, I have a user password on my Linux box,so that in itself is a security measure; I can lock my Linux session as well.

But I wanted to mention this as it is still a concern to me, in cases where the other 2 measures do not apply (probably through oversight on user's part.)

Are there any other users interested in a "Master Password" feature?

Hiro, is it something you might consider adding to Sylpheed at some point?  Or perhaps, you consider time is better spent on the email features and not on redundant security features?

Lastly, are the account passwords currently stored with encryption or are they available to see to any snooping or prying eyes gaining access to your box (while you're at lunch for example) and looking for the exact right file where the passwords are stored, etc.?



More information about the Sylpheed mailing list