Why not just save you passwords. I really do not understand typing them over and over. This is especially so with Gmail and others requiring the use of oAuth which is not designed at all with not saving passwords in mind.

based on discussions in Steve Gibson's security now podcasts, i believe that browser storage of passwords is not really safe because once the user is logged in using the master password, the passwords are available as plain text. is that not true? why not fix TB so that it works the same way it has for the > 20 yrs. before 91.4.1?

based on discussions in Steve Gibson's security now podcasts,

Never heard of him.

i believe that browser storage of passwords is not really safe because once the user is logged in using the master password, the passwords are available as plain text. is that not true?

Available to whom? In what circumstances? Passwords are never in an unencrypted state on the disk if that is what you mean. The master password encrypts the encryption key used to encrypt the passwords on disk. Entering the master password allows the application to decrypt the passwords as required. Then there is the fact Thunderbird is not a browser as such.

why not fix TB so that it works the same way it has for the > 20 yrs. before 91.4.1?

I don't know that it does not. You, one user out of millions have appeared to say it does not. It certainly works for me. These are my results I just generated on a non working account. It could not authenticate because I don't know the password.

followed by the obvious error

And then the dialog you say does not appear.

So what is to fix on your machine I really do not know. As standard diagnostics we recommend trying the same without addons by restarting in troubleshoot mode from the help menu (continue into that mode when prompted.

Failing that we suggest folks try safe mode of the operating system with networking. Removing all the third party software that generally kicks in when Windows starts allows just the basic operating system and Thunderbird to run to ensure the issue is not in the startup programs. While in Windows safe mode try the troubleshoot mode in thunder bird again, just to see if the problem is involving two things interacting to produce the error.

Just as an aside, many security software products / Antivirus / Internet security suites have password vaults these days and they are quite prone to messing password management up.

i am surprised that you have not heard of Steve Gibson. his web site https://www.grc.com/intro.htm has many security oriented tools and he does a weekly podcast https://www.grc.com/securitynow.htm that focuses on security events and detailed technical explanations of security issues.

i know TB is not a browser, but i assume it uses the same password system as Firefox.

i tried restarting in troubleshoot mode, and the same thing happens.

thanks for the suggestions, but i would like to see TB go back to the way it used to work before i updated to 91.4.1. i didn't make any other change to TB or anything else on my system.

re : i believe that browser storage of passwords is not really safe because once the user is logged in using the master password, the passwords are available as plain text. is that not true?

Assuming you have set up computer with User Accounts, then you would need to know the password of that user account just to access the desktop of that user. Then you could start Thunderbird within that User account.

If you have set up a master password in Thunderbird then only the person who knows the master password can get access to seeing what passwords are stored for the mail accounts. Without the Master Password you do not get access to viewing stored passwords. So if you mean can you see your own stored passwords then yes. You need to see them in order to Edit them if required. But Thunderbird needs to be running; the passwords are not actually stored in a simple readible format.

If you forget the Master Password and need to reset it, then all stored passwords are deleted. Both Master Password and all stored mail account passwords. This is for Safety - just in case you Exit Thunderbird, but remain Logged onto your User Account and choose to walk away when other people could use that computer. If someone else starts up Thunderbird, they will be prompted for Master Password.

Basic safety - Always exit Thunderbird when leaving computer. Do not leave your computer logged onto your User Account when it can be accessed by others. This is particulary important in shared office/work type of environment.

But what about this making passwords available to read in a simple text file. If you use the Master Password to see your saved passwords and then choose to copy those passwords and paste them into a text program like Notepad and save it as an easily accessible file. Then yes you have now deliberately made those passwords available to see as plain text. But what numpty would choose to do that when they have gone through all the process of creating computer User Accounts accessible only via a password and also set up and use Master Password to add additional level of security to seeing stored passwords.

If people choose to deliberately expose or make available their passwords or allow them to be available in easily readible text files then no one - no program - can do anything about it.

I'm not sure if you were refering to this pdf link - page 8 or 9, https://www.grc.com/sn/sn-850.pdf But Firefox added extra precautions.

i don't remember which sn's covered browser pw concerns, they were several years ago, not sn-850. i think the problem had something to do with the pw's being plain text in ram once the master pw was entered. remote accessing of ram is certainly not a simple hack, but it has happened. this is limitation of all pw managers, but most don't display all the pw's in neat little table. thanks for the comments.