"2FA" vs "Open PGP key" vs "S-MIME certificat"
Hello,
I want to install a lock on my mailbox. I thought two factor authentication is the best way to do so. However, I do not see any info about 2fa and Thunderbird. What I do see is: info about Open PGP key and S-MIME certificats to encrypt messages. I think both adds to security, however, it appears to me that the 2fa is the real lock and encrypting messages is useful in case the lock hasn't worked well: the messages can be read by a third person, but not understood. Is that right? And do I understand it correctly that there's no 2FA option for thunderbird? Is encrypting messages as safe and convenient as 2FA?
Hopefully someone could help me out...I'm a non-techie as you might already assume;), hopefully this can be taken into account..
Thanks! Simone
Все ответы (2)
Hello Simon,
2FA on the one hand and OpenPGP and S/MIME on the other hand are not related. In fact, the two are solutions for different problems.
2FA ensures that anybody who wants to login to your email account or who wants to connect to it using an email client like Thunderbird must provide a second factor (the 2F in 2FA). It is not enough to just know your username or e-mail address and your password. A second factor is required in addition to the password, which would be the first factor. An important characteristic of this second factor is that it is not some fixed value like your password (something you know). The second factor is often linked to you as a person (think of your fingerprint or your face, something you are) or it is something that is valid only for a limited time and can only be generated by a special device or tool (something you own). Both types require you to be present while connecting to your email account. You must present your fingerprint or your face or you must read the currently valid code from the special device. It is difficult to automate these actions. Therefore email clients like thunderbird usually don't support 2FA. Usually you don't want to present the second factor every time you open your email client.
OpenPGP and S/MIME are ways to encrypt email between the sender and the receiver. The sender and the receiver agree on a shared secret (usually using something called public-key cryptography). The sender then encrypts the email on his device using this secret. Only then does he send the email to the receiver. The receiver then uses the secret to decrypt the email on his device. During the whole way the email takes from sender to receiver it is encryped. This is even true while it is sitting on some email server, waiting for it to be delivered. Nobody except the sender and the receiver are able to ever decrypt the message.
You can combine 2FA and OpenPGP and S/MIME. You can use the former the make it impossible to access your email account for some attacker who managed to steal your password. You can use the later to make sure that nobody can read an email other the the receiver you want to be able to read it.
Thunderbird supports OpenPGP and S/MIME out of the box. I am not aware of any way to use 2FA.
Is the scenario that someone might get on your computer and start Thunderbird?
You can prevent Thunderbird from immediately/automatically connecting to your mailbox to send/receive mail by creating a Primary Password: Protect your Thunderbird passwords with a Primary Password. (Important: do not forget this password!)
However, that won't prevent them from starting Thunderbird, canceling the password prompt, and seeing all previously sent/received messages (similar to working offline).
I don't know whether there is any built-in or add-on method of requiring a credential to view previously sent/received messages saved in Thunderbird.
Для ответа на сообщения вы должны войти в свою учётную запись. Пожалуйста, задайте новый вопрос, если у вас ещё нет учётной записи.