Closed
Bug 222408
Opened 21 years ago
Closed 9 years ago
implement master password timeout functionality + UI
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: ostap, Unassigned)
References
(Blocks 1 open bug, )
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 I can set the timeout value after "It has not been used for" but I'm missed the button to "submit" the settings. Reproducible: Always Steps to Reproduce: 1. go to the url chrome://pippki/content/pref-masterpass.xul 2. select the last radio button 3. enter the timeout 4. look for the submit button ;) Actual Results: timeout settings are not stored Expected Results: we expect a new timeout to be set standard firebird 0.7 installation + Flash + ?Acrobatreader6.0 plugin
|
||
Comment 1•21 years ago
|
||
This isn't supported yet. -> enhancement; all/all; -> password manager, reassigning and confirming. -> blocks bug 218694.
Assignee: blake → bryner
Blocks: 218694
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Preferences → Password Manager
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: mpconnor → davidpjames
Hardware: PC → All
Summary: can not submit master password timeout → implement master password timeout functionality + UI
|
||
Comment 2•20 years ago
|
||
*** Bug 261192 has been marked as a duplicate of this bug. ***
|
||
Comment 3•20 years ago
|
||
*** Bug 268298 has been marked as a duplicate of this bug. ***
|
||
Comment 4•19 years ago
|
||
*** Bug 304929 has been marked as a duplicate of this bug. ***
|
||
Comment 5•18 years ago
|
||
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
|
||
Updated•18 years ago
|
Assignee: bryner → nobody
Version: unspecified → Trunk
|
||
Comment 6•18 years ago
|
||
*** Bug 343043 has been marked as a duplicate of this bug. ***
|
||
Comment 7•18 years ago
|
||
wasn't this supported in earlier versions of Fx?
|
|
||
Comment 8•18 years ago
|
||
Don't think so: the prefs security.password_lifetime and security.ask_for_password are just used to set the values in the pref-masterpass window, and its handling script actually sets them internally in nsPK11TokenDB, so if you don't go through a working pref window that lets you call something like http://landfill.mozilla.org/mxr-test/seamonkey/source/security/manager/pki/resources/content/pref-masterpass.js#73 then you haven't actually set anything.
|
|
||
Comment 9•18 years ago
|
||
*** Bug 326755 has been marked as a duplicate of this bug. ***
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
|
||
Comment 10•15 years ago
|
||
We just had a user request this. Ubuntu Bug: https://bugs.launchpad.net/bugs/407615 Also, possible duplicate: Mozilla Bug 155739 There appears to be an addon as well for this: https://addons.mozilla.org/en-US/firefox/addon/1275 But it seems reasonable to have this in the UI.
|
||
Comment 11•14 years ago
|
||
The add-on Micah mentions does not work.
|
|
||
Updated•14 years ago
|
See Also: → https://launchpad.net/bugs/407615
|
||
Comment 12•14 years ago
|
||
Is this the right bug for master password reentering prompt after some inactivity period?
|
||
Comment 13•14 years ago
|
||
I have the same question. Suspect that 3.6.10 has incorporated "require password on return from sleep/hibernate. That's a good thing a good thing for laptop users (in case the computer gets stolen while asleep, but a pain in the neck for desktop users who live with their systems -- likelihood is that this will prove enough of a nusiance to turn off the master password). Make "forget password on sleep/hibernate" an option?
|
||
Updated•9 years ago
|
|
||
Comment 15•9 years ago
|
||
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
|
|
||
Comment 17•9 years ago
|
||
@Justin: are you implying that "master password" will be phased out or will be left alone in foreseeable future?
|
||
Comment 18•9 years ago
|
||
(In reply to Justin Dolske [:Dolske] from comment #15) > It's generally agreed among UX/Engineering/Product that we don't want to > further develop the existing master password functionality, as it's a poor > fit for current needs and our current direction in this area. Is there an alternative planned? Would you rather we have a password manager that is not at all secured?
|
||
Comment 19•9 years ago
|
||
Right now it asks again for the master password every single time you select 'show passwords' even if twice in 10 seconds. The only issue is if you leave your computer unattended with Firefox running and the master passpharse has already been entered, someone can log onto your gmail etc... accounts without knowing your password. This is mitigated by people running screen lockers and screensavers. If the master password is relocked every 30 minutes, this still leaves Firefox able to log onto websites for 30 minutes which is actually longer than most screenlockers/screensaver timeouts. Many users will also thing "hmm...I just typed in the master password 30 minutes ago. this must be a bug". KDE's kwallet relocks when the last application accessing the keychain closes which is analogous to Firefox requiring that you re-enter the master password every time you restart firefox and access a website that wants a password. You could make firefox lock the master password again when all websites/tabs that have requested a password are closed but it is not easy to tell the user that the keyring is in use/not in use/relocked without major UI changes.
You need to log in
before you can comment on or make changes to this bug.
Description
•