Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Does Primary Password encrypt saved passwords?

  • 9 replies
  • 0 have this problem
  • 6 views
  • Last reply by david

more options

Tried googling and couldn't find a definitive answer.

Tried googling and couldn't find a definitive answer.

All Replies (9)

more options

No, it is just a protection for accessing that Thunderbird profile.

more options

Is there a way to implement password encryption that I'm missing? If not then how is this still not a feature of Thunderbird?... Claws Mail has had it since 2016 if not earlier

more options

The passwords are already encrypted. Use of the password manager just prevents anyone accessing Thunderbird. When you gain access to Thunderbird, the passwords are unencrypted.

more options

Excuse my probable lack of tech-savvyness here but what kind of encryption is that if data gets decrypted when Thunderbird opens? If a malware gets access the user profile folder, what's stopping a third party from decrypting it on their own, if there are no passwords or keys?

more options

If decryption doesn't take place, you cannot access your email. There must be a moment when the password is unencrypted so the account can be accessed. The password is encrypted again when submitting to email provider if account is using some form of SSL/TLS.

more options

Sorry but that doesn't seem to be addressing my question... what would stop a third party from accessing my email accounts if it manages to copy my user profile folder along with saved passwords?

more options

It would have to figure a way to decrypted the passwords, as they do not appear in the profile on disc.

more options

I see they are stored in logins.json, in an encrypted form. Whatever the encryption method is there, why would a malefactor need to decrypt it when they can steal the whole profile folder and use it on their device as their own?

more options

Now you're back to the primary password. It serves that need. And I have yet to encounter malware that copies the entire profile; they don't work like that.