I think explaining this to users easily and clearly - in a way that they'll read, take notice of and understand - is going to be hard. Then you'll get complaints that Thunderbird isn't doing what it says. Let someone come along who is slightly skilled, and they'll access your profile folder and read your emails there. The issue here is that if you start providing something that says you can't access Thunderbird without entering this password, people will start believing that Thunderbird is protected and no-one can read their email. I still think that's quite reasonable perspective to take, as otherwise you start "going down a rabbit-hole". In the past, we've pretty much always said we won't support this, and recommended separate logins and use OS profile protections, or use an applications which can sandbox other applications.
0 Comments
Leave a Reply. |