On Sunday, 24 December 2017 23:14:21 CET [email protected] wrote: > Okay so I read all of that lol, and I understood it all but what if there > was an e-mail client that used the browser method? You get logged in to > all your emails without retrieving anything then switch to cookie > authentication and forget the password, that way when the zero-day > happens you only lose your cookie which is probably not as powerful as > the actual password(ie I dont think you can change your password with > just the cookie) plus the zero day can't "permanently" compromise > thunderbird cause you opened it in a disposable , just only after this > odd login method over and over again =p. Maybe that's overdoing it > but....I don't want to change my passwords ever so laziness commands me > to want such a thing XD.
I think you may have misunderstood the idea behind the initial post you quoted; > "there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it" The thought behind that quote is that you have to trust your open software running on your machine and there is no way around that. As the quote says, feel free to let it remember your password. No point in trying to be smart. So if you run thunderbird in a qube that has (access to) password and/or emails, you better trust that open source software with that information. So make sure your software is from a trusted source. Personally, I' d avoid thunderbird and anything from mozilla, but thats just me. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2283324.qrAAk4daPN%40strawberry. For more options, visit https://groups.google.com/d/optout.
