Closed Bug 757438 Opened 12 years ago Closed 10 years ago

Removing stored passwords should be protected by master password (if set)

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Version:
12 Branch
Platform:
x86_64
Windows 7
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: peci1, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

Removing stored passwords using the Show Passwords dialog is not protected by master password prompt.


Actual results:

The master password prompt isn't shown.


Expected results:

IMHO the removal should be protected as the showing of them is. There could be users not remembering their passwords, and an adversary (or just a jokester) could remove all of them without entering the master password.

There is one caveat, though. Imagine you work on a borrowed Firefox with master password set up, and you (by accident) store your password. Then you would be totally helpless.

I know all of these problems would be resolved by forcing the users not to let others use their profile when master password has been entered, but...

Rather than directly resolving the issue, I would like to start a discussion on this topic.

Thanks for your oppinions ;)
Severity: normal → minor
Component: Untriaged → Security
@Martin, 

If you have set Master password and when you click on "Show Password" button, It ask for Master password. If you give wrong password or just cancel it, it leads you to a window with no saved password list. 

So if a user know Master password then only he can see for which site Firefox have saved password. 

Correct me if I am wrong.
(In reply to Abhinav Chittora from comment #1)
You are completely correct. But that is not what I am asking for. I'm talking about the situation when master password has already been entered (former). Then, to show the passwords (not the dialog, but the real passwords), you are asked for the password once more (even though the store has been already unlocked). I say that I think the same elevated protection should apply to removing the passwords.
(In reply to Martin Pecka from comment #2)
@Martin,

Oh, But don't you think that asking Master Password for deleting user password for each website will frustrate user. I mean, Asking for master password, each time when he want to delete the user password, can irritate any user ( Think about it).
This request doesn't make sense to me. The masterpassword should protect the passwords so that nobody can steal your passwords.
Why should a masterpassword be required if you want to delete the passwords ?
Anyone can delete your whole Firefox userprofile with a few clicks and all the passwords, bookmarks and history are gone !
Severity: minor → enhancement
(In reply to Abhinav Chittora from comment #3)
It could be so that the user is asked only the first time after opening the dialog.
Severity: enhancement → minor
(In reply to Matthias Versen (Matti) from comment #4)
You are right. My suggestion would just increase the pseudosecurity of the whole thing. But I would just feel safer if FF asked me for the password when doing such an important action. This is the difference between the real world and user experience.
Pseudo security is worse than no security because people may think that their passwords are protected.
To delete the whole profile just type about:support, click on "show folder", ctrl+a, del ...
Severity: minor → enhancement
Component: Security → Password Manager
Product: Firefox → Toolkit
QA Contact: untriaged → password.manager
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.