My OperaYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
Master password interval for POP/IMAP mail accounts not working
It seems that when checking POP/IMAP accounts, the master password asking interval is not honoured: it is possible to check for new e-mails (Ctrl-K) even when the interval has passed (e.g. 5 minutes). I would expect Opera to ask again, as it does for page logins (where the interval works).The scenario is the following: if computer is stolen (in suspended mode), and Opera running, then it would be possible for the thief to write and receive e-mails, and possibly retrieve the password from computer memory.
Is there some setting that needs to be enabled? The SecurityPrefs|UseParanoidMailpassword in opera:config is set to true. Or is this a bug?
The interval is for reuse when a server asks for information protected by the master password. The master password is automatically flushed when the caching period expire.
While POP connections are used in a quick open, download, close sequence, IMAP connections are persistent, and can remain open for hours and perhaps days at a time. Mail servers will only ask for the password when the connection is being established (that is, password protected POP and SMTP servers will ask each time they are contacted, IMAP might ask a few times a day or days apart, depending on how stable the connection is, or what the policies of the server is).
The connections will be closed if you suspend the computer, since that shuts down the network connection (although it is conceivable that starting within seconds might not trigger that). That will also happen if you move the computer to a new network, since the computer will then have a different IP address, and since the connection between server and client is keyed to the IP addresses of each end, the connection will be broken, and reestablishing it will require a new login.
So, if your computer gets stolen the connections will be broken, and if the master password is no longer cached it will have to be re-entered. Grabbing the PC while it is active on the network and logged in, without moving it, is one possibility, but that can be protected against by using a password protected screen saver that starts after X minutes of no user activity, and using it to lock the computer when you are not sitting in front of it.
While POP connections are used in a quick open, download, close sequence, IMAP connections are persistent, and can remain open for hours and perhaps days at a time. Mail servers will only ask for the password when the connection is being established (that is, password protected POP and SMTP servers will ask each time they are contacted, IMAP might ask a few times a day or days apart, depending on how stable the connection is, or what the policies of the server is).
The connections will be closed if you suspend the computer, since that shuts down the network connection (although it is conceivable that starting within seconds might not trigger that). That will also happen if you move the computer to a new network, since the computer will then have a different IP address, and since the connection between server and client is keyed to the IP addresses of each end, the connection will be broken, and reestablishing it will require a new login.
So, if your computer gets stolen the connections will be broken, and if the master password is no longer cached it will have to be re-entered. Grabbing the PC while it is active on the network and logged in, without moving it, is one possibility, but that can be protected against by using a password protected screen saver that starts after X minutes of no user activity, and using it to lock the computer when you are not sitting in front of it.
Sincerely,
Yngve N. Pettersen
Yngve N. Pettersen
I understand all of this, but still I see that it doesn't work that way. I tried to set the interval to 5 minutes. Suspended the computer. Woke it up 1 hour later. Wasn't asked for master password. Although there was a popup that the connection to imap server was lost.
Also the setting "Every time needed" should make Opera ask every time I send an e-mail to a password-protected SMTP server, right? That doesn't happen either. E.g. sending a message with the wrong smtp password fails. Entering correct one (master pw asked, presumably for storing). Sent ok. Sending a new one, not being asked, although it's a new smtp connection. After that, collect mail via pop, not being asked, although the setting was to ask "Every time". Or is it possible that the server side doesn't ask for a password within certain connection intervals?
Also the setting "Every time needed" should make Opera ask every time I send an e-mail to a password-protected SMTP server, right? That doesn't happen either. E.g. sending a message with the wrong smtp password fails. Entering correct one (master pw asked, presumably for storing). Sent ok. Sending a new one, not being asked, although it's a new smtp connection. After that, collect mail via pop, not being asked, although the setting was to ask "Every time". Or is it possible that the server side doesn't ask for a password within certain connection intervals?
Forums » General Opera topics » Security and privacy in Opera