KMail - manually entering passwords

Hi,

I would like to try out KMail, but is there a way to set it up (IMAP) without storing any passwords?

I don’t want my passwords to be stored on the computer.

In Thunderbird it is possible to not store the password. So anytime I open it up I will be asked to enter my passwords for any of my e-mail accounts.

But in KMail, if I leave the password field empty, it just says that it cannot connect to the server, instead of asking me for my password.

@fabio:

If I’m reading you correctly, you trust neither the Blowfish nor the PGP encryption used by KWallet.

  • Why?

OK, OK – as Quantum Computing gains momentum, the people with the purchasing powers needed to purchase Quantum Computers and, the budgets needed to pay the electricity bills needed for their operation, will be able to crack any encryption where we store our passwords in a matter of minutes if not seconds.

  • But, do you honestly believe that, the people operating Quantum Computers have an interest in any of our passwords?

@Franken14679: If I’m reading you correctly, you have no clue, right!? 🙂

@fabio:

KMail inherently expects that KWallet will be used to store the passwords needed to access IMAP and POP3 accounts.

Although I’ve always steered clear of KWallet (never seeing the need for it), that does not seem to create a problem with changing the SMTP password, but makes it impossible to enter one for the POP account.

And if I then enable KWallet in System Settings, then KWallet keeps butting into KMail sessions.


Also here – <kmail - Passwords (no kwallet)>
And, here in a KDE Bug Report – <Cannot disable IMAP/POP3 password saving if kwallet is enabled: Add “save password” checkbox to account configuration>.

  • Given that, the Bug Report was created in 2011 and, last changed in 2022 – the affected product was changed from “akonadi” to “kmail2” – one could come to the conclusion that, the KMail developers are staying with their decision to use KWallet as the means for storing the passwords needed to access IMAP and POP3 e-Mail accounts.
    And, to access the SMTP servers needed when you send e-Mails …

@Franken14679

Thank you for the research. I found many of these too, but as you mention, some are very old. And none solves my issue.

So I think I'll just stay with Thunderbird. It was just curiosity for the whole experience of KDE.

And to your previous question. Regardless of quantum computers or anything like that in the future, I think even now there is no 100% secure system.
I just want to type in my passwords manually and not store them on the PC.

Thanks again.

May I point you to someone who understands encryption – he is a cipher algorithm designer → Bruce Schneier.

  • Here are his descriptions of three encryption algorithms – the first is used by KWallet – the others are algorithms which were designed in response to the performance of the first algorithm – “Blowfish”:
    <The Blowfish Encryption Algorithm>
    <Twofish>
    <Threefish>

How did I get to hear about Bruce Schneier?

  • A colleague at work made me aware of Mr. Schneier in September 2001.

This is unrealistic, especially if you have more than a couple of passwords which are actually secure - it is difficult to type such passwords accurately and almost impossible to remember them without writing them down.

If you’re worried your computer isn’t secure, then you must encrypt the drive.

Thank you.

I write them down, but do not store them on the PC, like I said.

I never said you didn’t write them down.

I have three passwords written down, it takes at least a few minutes to copy them and type them out - those are ‘vault’ passwords… and they are followed up with 2FA confirmation, so that even if someone has a Quantum Computer that can hack them (they would take years to hack by other means) then they would then fail at the 2FA stage… unless they could also hack my phone, crack the biometrics, and be ready to enter the code.

TL;DR my accounts are totally safe from 1. Local hacking (i.e. computer gets stolen) or 2. Web hacking (due to requiring a local physical connection via 2FA).

I could not imagine being paranoid enough to think that it would be better to make all passwords secure and to type them out every time…

a44Akr^6Z*4Yy8XJHAbbS
Ni2f9Nx&igN*%nqx8!W^V
n&J4JZgx4pL$B&sKAYDnm

Though of course, it would be easier if you use passphrases instead…

fondling-unscented-muzzle-reorder-scary-hedge
librarian-charging-unloader-outweigh-gush-freely
trace-tightrope-staple-varied-goal-unearth
bonehead-handled-driveway-shakable-lavender-uncoated

But surely if that WAS the case, you would have said ‘passphrase’.

Now, imagining that most folks have at least a couple of dozen such passwords - do you write them down only in one location, or do you have a duplicate for when you go out?

Also, can you honestly say that you can reliably and accurately copy a password like this? Surely you can’t look at it and then type it out, you’d have to keep going back to refer to it and type chunks, just a few characters each time…

I know that I’ve tried this a few times in the past with a few Vault passwords, and gave up - instead, I now rely on a long and (most importantly) RANDOMLY GENERATED passphrase which I have partially memorised so that I can remember it from only the initials (which is what I have written down in a note on my phone, and which is written on a card next to my computer).

Obviously there would be more to it than that, am I right? You will have 2FA enabled on all of these passwords - otherwise your security is weak.

Answers

The answer to your question is actually a very short web-search away…

  • Open KMail
  • Access Settings > Configure KMail
  • Navigate to Identities: select the identity you want to configure
  • Modify Advanced Settings: Click on Modify and then Advanced
  • Disable Password Storage: Look for the option to disable password storage or configure KMail to not use KDE Wallet for storing passwords.

Personally, I do not belong to the group who believe that this is a solution –

  1. Decryption needs CPU cycles → electrical energy.
    Therefore, “encrypting everything” is, from an environmental view, definitely not a good idea.

  2. Encrypting an open source operating system definitely doesn’t make sense →
    There ain’t no secrets in there …
    And, there’s the performance hit due to the need to decrypt everything before it can be used – and, the electricity consumed to perform the (unnecessary) decryption is also environmentally and ecologically not a good idea for this planet.

  3. Password Wallets were invented by the people who design encryption algorithms – which is why such items are encrypted with strong algorithms.
    Encrypting something which is already strongly encrypted really doesn’t make any sense at all.

  4. Yes, we need to encrypt some things –
    User Passwords – it’s taken 40 years to crack the password Ken Thompson used on one of the original BSD UNIX® systems.
    E-Mail in transit – currently, it’s quite difficult to find e-Mail servers on this planet which do not encrypt the outgoing traffic and, which do not enforce that the clients encrypt their outgoing traffic to the SMTP servers they’re using.

You say this, yet you still imagine that writing down all your passwords and entering them manually is a better option…

Your choice, you got your answer.

@ben2talk:

System Backup.

A problem for Password Wallets which needs to be carefully addressed –

  • Personally, I do not back up the KWallet files on NAS drives – my “rsync” parameters specifically exclude the user directories where the KWallet files are stored.

  • I do back up exported KWallet information to removable drives –
    To encrypt or not to encrypt – that’s the question –
    If you lose the encryption key(s) then, you’ve lost your passwords …
    If you’re really worried about physical security then, you’ll have to invest in either a Safe or, a Strongroom – be careful not to lose either the key or, the pass-code or, both … 😈

  • Also, a list of passwords held on paper.
    But, use a lead pencil to write the passwords down – in the case of a flood, the lead pencil text will remain readable – anything written with ink will be lost.