Password Protected ProtonMail Bridge
ProntonMail Bridge needs to be protected by password. As anyone who uses the pc, can easily see the mailbox username and password in the bridge. Unless the user remember to logout from the bridge properly each time after used, else the bridge will remember the login credential forever. This is a serious security loophole. Especially for those who share their pc.
Jim
shared this idea
-
Jean Lafontaine
commented
I think the original post is still a good request. Actually, you must keep all user connected to bridge to be able to send or receive email from IMAP/SMTP client.
There is no problem if the account connected is only for one email address, but if you use alias or custom domain with multiple inbox, you do not want all those mailboxes available to the IMAP/SMTP client. Actually, someone can add an IMAP account to access those mailboxes without authorization because one of the mailbox need to be accessible anytime and so the proton account is always connected to bridge . There should be password protection for each alias or account before accessing IMAP/SMTP connection information
-
Anonymous
commented
I think OP may have been talking about an approach not unlike what Thunderbird does: Thunderbird memorizes the IMAP password for an account in encrypted form, and upon startup you type in a local password to decrypt that IMAP password. The way Proton Bridge works, would be analogous to typing in your IMAP password into Thunderbird every time.
-
AdminProton
(Admin, Proton)
commented
It is protected by a password - the user needs to log in first, using their credentials.
If the device is shared, the user should log out, like from all the other accounts. This is by no means a security issue. -
Stephanie Anne
commented
has this been sorted out? I hope so as it defeats the purpose of moving to protonmail for extra privacy if not...