Closed Bug 88565 Opened 23 years ago Closed 23 years ago

Need UI fixup in "Set Master Password" dialog

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.1

People

(Reporter: bugzilla, Assigned: inactive-mailbox)

Details

Attachments

(8 files)

Screenshot as described in comment / New dialog layout
5.23 KB, image/gif
Details
Patch implementing the changes described in my comment
5.79 KB, patch
Details | Diff | Splinter Review
New patch / consistent usage of term Master Password / please review
5.37 KB, patch
Details | Diff | Splinter Review
Slightly modifed patch as requested by ddrinan
5.40 KB, patch
Details | Diff | Splinter Review
Additional patch / fixes "set p12 password" dialog, too.
2.02 KB, patch
Details | Diff | Splinter Review
Screenshot of new layout of "set p12 password" dialog.
7.13 KB, image/gif
Details
Changing "portable security password" to "certificate backup password" as requested
1.35 KB, patch
Details | Diff | Splinter Review
Parts of above patches not yet checked in
7.92 KB, patch
Details | Diff | Splinter Review 
The "Set Master Password" dialog has some problems:
- Title should be "Change Master Password" since thats what the button is 
called.
- the text "Security Device:Software Security Device" is nothing but weird.
- Missing ":" after each line. "Old password" should be "Old password:"
- Bar for password quality should be aligned under the text. Not under and 
indended.
- Dialog seem to be to big. A lot of space under the Ok buttons and a some 
space to the right in the dialog.
- Quality meter is al kind of weird. It seems impossible to get it to 100%
- When entering wrong "old password" you get a alert saying "bad password". I 
have no idea what password the alert is taking about. The new or the old 
password.
- When entering wrong "old password" you get a text saying "bad password". When 
I press Ok I should be returned to the "Set master password" dialog and not 
just back to the prefs.

build 20010629 on win2k
Priority: -- → P3
Target Milestone: --- → 2.1
Version: 1.01 → 1.5
The title issue is tricky. This same dialog comes up whether you're changing an
existing master password or setting a new one. Also, you could be changing a
password on one token, but setting a new one for another token, all from the
same dialog. Not sure what the best solution is for this, if any.

"Security Device: Software Security Device is correct, though I agree it's
confusing when only one token is available. 

If more than one token is available (for example, if you have a smart card
reader attached to your computer), this becomes a pup-up menu allowing you to
choose which token (i.e., security device) you want to set the password for.
"Software Security Device" is the name of the default token for the browser.

This is mentioned in help for this dialog, although the help text could be
improved in several respects (I'm working on it). At least the help button works
  now.

Other things mentioned are definitely worth fixing. The cryptic message if you
type the wrong old password is especially irksome. Also, you don't get any
message--just a disable OK button--if the second new password is different from
the first. I think, but am not certain, you should be able to click OK and then
get a message telling you what you did wrong; clicking OK in that message should
put you back in the change password dialog. 

One nit: I'd like to see "Enter a new password:" and "Enter the password again:"
changed to "New password:" and "New password (again):"


-> Kai
Assignee: ssaux → kai.engert
Regarding the title, depending on who started the dialog:
I agree with the reporter about the title, in my opinion it should always be
"change", never "set", even if there isn't a password yet, as the term "change"
is acceptable in that situation (in my opinion), too.
In addition, this dialog is really executed from different places, i.e. from
device_manager.js (which doesn't seem to change the title). Therefore I suggest
to remove the word "master" from the title.
I modified it and the title is now simply "Change password".

Regarding the labels of passwords:
Changed as suggested.
In addition, I think, it shouldn't display "old password", I changed it to
"current password".

Regarding alignment of the quality meter bar:
Aligning text labels, edit fields and labels seems to be difficult, as they all
start at a different pixel offset (from the left).
I think the best thing is to use a boxed layout, which gives the eye lines to
pay attention to and forget the different offsets within the boxes.
Please see the attached screenshot for my suggested layout.
    
Regarding size of dialog / too big:
I removed the with coded into XUL, and let the layout engine do the magic. Looks
good for me on Linux.
    
You ask: how can quality reach 100%?
Try the password:
  a,1:-45
This gives me a full bar.

We now display more descriptive texts in the mentioned error conditions.

Pressing ok without being able to change the password does no longer close it.

When changing the code, I noticed the return value is always set to 1 (file
password.js, function setPassword). This seems incorrect to me when I look at
the code in nsNSSDialogs::SetPassword, which relies on the return value.
I therefore changed the code to set a return code of 1 only when we were able to
change the password. And the current code never inits the "return value" to
zero. I added this default value in onLoad.


David, please review.

(To apply the patch, go to security/manager/pki/resources and use "patch -p0".)
"Master password" is the term used throughout the interface for the password 
that protects a token, as distinct from the certificate backup password, 
passwords entered on web sites, etc. Changing the term here without changing it 
anywhere else (such as the prefs panel or menu from which you open the 
dialog) would be bad. This is especially important for the Password 
Manager, whose master key is stored on default token ("Software Security 
Device").

Unless we want to reopen the whole master password issue, please leave the 
master in "Change Master Password". (And of course even this text change 
should be made to PSM 2.1 only; too late to make UI text changes for 2.0.)
Sean, thanks for your comment. I didn't know that Master Password is the term
for all security devices (I assumed it's only used for the internal Software
device). You arguments convice me, and we indeed should leave the term Master
Password.

I'm attaching a new patch.
Keywords: patch, review
The term "Master Password" should always be displayed with capital M and capital
P. There are a few instances in the patch, where "master password" is used. Fix
that and r=ddrinan.
r=ddrinan.
Change target to 2.0? Also, do we need to inform localization about such UI
changes after "UI freeze," or do they do another sweep at some point?
Sorry for fiddling around so much. But the dialog used to set the password when
backing up a certificate to a p12 file has the same problems (size and quality
meter bar).

So, if we really wanted to re-target this bug to 2.0, we shouldn't forget to fix
this other dialog, too.

This time, only the dialog layout changed, using the same strategy as before
(see screenshot).
Status: NEW → ASSIGNED
sr=blizzard on both patches
The attached Certificate Backup screen shot ("set p12 password") includes the
following text:

Important: If you forget your portable security password, you will not be able
to restore this backup later. Please record it in a safe location.

The phrase "portable security password" in the above should be "certificate
backup password" to be consistent with the rest of the dialog. This will require
an additional patch--should it be a separate bug?
I don't think we need an additional bug.

Sean, Can you please review?

Wording change in latest patch for "certificate backup password" looks fine.
sr=blizzard
Moving all P3 and P4 bugs targetted to 2.1 to future.
Target Milestone: 2.1 → Future
How can this be "future" when we have a sr and just missing the checkin? Give 
Kai a brake and help check it in....
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
Checked in patch for Kai.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Ok, I confess this bug was confusing. Javi, you checked in only the latest
patch. There are two more patches that should be checked in.

However, meanwhile the patches do no longer work because of conflicts caused by
other checkins. Nothing problematic, though.

I've created a new patch, which is the same as contained in attachments 41344
and 41325. IMHO, no additional review is required.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Checked in latest patch as well.
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED
Change the target of bugs with state 'RESOLVED' and target 'Future' to target
'2.1' since they were fixed for the 2.1 release.
Target Milestone: Future → 2.1
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm1.5 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: