Thunderbird ... under thunderstorm ...

dschinn1001

Hello - I have already posted this to bugzilla.mozilla.org - an issue with thunderbird and its password administration as normal password or as encrypted password (is not working) in version 68.6.0 -

So then bugzilla.mozilla.org advised me to update to version 68.7.0 - this is not meant to urge you or to rush you, it is only meant as security bug (feature) with password is fixed in 68.7.0

WetGeek

dschinn1001

Glad I use LastPass to store my passwords, instead of email clients or browsers.

kyrios

dschinn1001 If there is a security issue

You report it via the appropriate link on the Dev Tracker, publicly reporting vulnerabilities publicly on a forum is unacceptable.
You provide the source instead of telling I reported it without giving the link

FWIW The release notes of thunderbird 68.7.0 don't report any security fix that look like the problem you described.

dschinn1001

kyrios At bugzilla or mozilla it is chaotic as Java is chaotic too ... - no offense - but my description has been removed or shifted to somewhere else, because it was "duplicate" or whatever ...

I think we can close this thread - thunderbird will be updated anyway in 2 or in 4 weeks. It was in this case an issue with file-permissions (because files regarding password management were soft and could be manipulated for phishing attacks). And it was regarding the login-management with passwords at thunderbird ("normal" password - or "encrypted" password in password settings of thunderbird did not work with imap (of Google)). This is not alone my fault. Maybe I was too quick, because I live sometimes 10 years ahead in the future.

WetGeek

kyrios If there is a security issue

Points taken, but I'm STILL very pleased with LastPass. In all the years I've used it, there's never been any hint of a security breach. And recent updates have made it even easier to use, to create very strong passwords and add the new items to your "vault."

kyrios

dschinn1001 At bugzilla or mozilla it is chaotic as Java is chaotic too ... - no offense - but my description has been removed or shifted to somewhere else, because it was "duplicate" or whatever ...

I can understand you don't like bugzilla (I also don't like it), but if you can't find back your own tickets using the search or by clicking the link in the notification mail you got when you reported the defect isn't a problem with the tool...

https://bugzilla.mozilla.org/show_bug.cgi?id=1627625

brent

WetGeek I've been sitting on this thought for a while. I'd love to trust someone like LastPass. An online service. Good service record. Etc. So if they generate an autofill there's that and what if there were a data breach?
2 points of vulnerability , I guess, if I were to visualize.

I use our own pwgen for passwords as well as my own twisted head. I keep them on pen and paper. And a .txt file that I back up. No cloud. So what's going to do me in? A burglar. And Remote Access (hijack) of my computer to find .txt file. The USB backup is safe. So 2 points of vulnerability for me.

I wonder if there was some statistician or actuary that could actually put a quantifiable numerical ranking of password security methods?

Or is there just too many variables to call one method better than the other.

MODS: sorry to resuscitate this dog. If it's stayed in my mind for 2-3 days and not gone away, then even one POV at solus is worth more to me that the first 30 hits of any search engine these days.