[sylpheed:32956] Re: feature request - master password to protect all account passwords
stef_204 at yahoo.com
Sat May 2 03:47:32 JST 2009
I meant to say it should be an optional feature, meaning those who want to use it and implement stronger security, use it.
Those whom are happy with the way things are, have it as an optional feature but will not use it.
--- On Fri, 5/1/09, Andrei Mircea <mircea.andrei at orange.fr> wrote:
> From: Andrei Mircea <mircea.andrei at orange.fr>
> Subject: Re: [sylpheed:32953] feature request - master password to protect all account passwords
> To: stef_204 at yahoo.com, sylpheed at sraoss.jp
> Date: Friday, May 1, 2009, 1:03 PM
> I vote against this idea. There are already much too many
> passwords in this world...
> On Fri, 1 May 2009 09:03:03 -0700 (PDT)
> stef <stef_204 at yahoo.com> wrote:
> > Hi,
> > I wanted to suggest what I feel would be an important
> feature: implementing a master password to protect all
> other account/server passwords.
> > For example, I use quite a few email accounts and all
> are IMAP with SSL.
> > I cannot remember all the passwords
> "mentally" so I tell Sylpheed to store them for
> > However, this leads to a security risk in that anybody
> could theoretically start up my Sylpheed client and download
> and read all my emails, on any accounts, etc.
> > Mozilla has an excellent counter-measure for this
> security problem in that they have implemented a master
> password that is requested of the user to access any other
> password, or protected email accounts.
> > This raises the security level. I believe it is done
> on a "per session" basis.
> > Sure, I have a user password on my Linux box,so that
> in itself is a security measure; I can lock my Linux session
> as well.
> > But I wanted to mention this as it is still a concern
> to me, in cases where the other 2 measures do not apply
> (probably through oversight on user's part.)
> > Are there any other users interested in a "Master
> Password" feature?
> > Hiro, is it something you might consider adding to
> Sylpheed at some point? Or perhaps, you consider time is
> better spent on the email features and not on redundant
> security features?
> > Lastly, are the account passwords currently stored
> with encryption or are they available to see to any snooping
> or prying eyes gaining access to your box (while you're
> at lunch for example) and looking for the exact right file
> where the passwords are stored, etc.?
> > Thanks.
More information about the Sylpheed