Closed Bug 100979 Opened 23 years ago Closed 19 years ago

Reword Master Password Prompt

Categories

(Core Graveyard :: Security: UI, defect, P3)

Other Branch
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 306730

People

(Reporter: tpringle, Unassigned)

References

Details

(Whiteboard: [kerh-coa])

Attachments

(1 file)

Need to reword the Master Password Prompt, the existing text:

"Please enter the master password for the software security device"

is confusing.  Our typical end user has no idea what the software security
device is and has a hard time understanding that this means the master
password they have set.

Recommend that we change the wording to something more straightforward such as:

"Please enter your Master Password."

Ccing UE and docs for input.
Ccing Bob Lord.
As you can probably guess, we've discussed this issue before. :-)

Each token, including the built-in token, has its own "master password", which
makes the idea of a *master* password a misnomer.

Adding a few more people who remember this particular can-o-worms.
Priority: -- → P3
Target Milestone: --- → Future
"software security device" becomes "iButton security device" or "MySmartCard
security device" or whatever, depending on which token's "master password" is
being requested.

One option for this that we discussed earlier this year is "hard disk security
device" (when the relevant token is the internal, default one) to emphasize that
the device involved is the one that stores its info on your hard disk.

Some day, as I recall, even the master key--which is what the master password
for the internal token unlocks for use by Password Manager and Form
Manager--could possibly live on an external device.

If this weren't the case--that is, if we could be sure that the master key
always lives internally and not on some external token--then one option might be
to differentiate the master password used for the Password & Form Manager from
some other named "master cert password" that protects the certs on a token,
whether internal or external. But that would probably involve a lot of work, and
I'm not sure it would improve the user experience.

Does anybody have any other ideas for this? I think it could really use a
completely fresh approach, ideally from a professional UI designer (German, are
you ready to dig into this quicksand?) "Please enter your master password" comes
up in all kinds of situations and it's almost always confusing why.
Why not 'default' or 'basic' or 'browser'?

In NC4, I have
* Netscape Internal PKCS #11 Module
  * Communicator Generic Crypto Svcs
  * Communicator Certificate DB
^ each of these makes a bit of sense (esp. the second-level entries) --
certainly more than 'hard drive' -- which could be wrong if it's an NFS mount
point or something else similarly wacky.

what does the default device protect?
Those are all good suggestions - i.e. 

"Please enter your browser Master Password"

I understand that there are different master passwords for these different
devices, however I think we need to maximize for the 80% (in this case probably
more like 95%) case.  Most of our users will only see this dialog in the context
of the master password for password/forms manager.
Suggestion from an end-user:
I would like to see something like "Please enter your Mozilla master password".
I really didn't need to know about the Software Security Device when I was
trying to check my mail yesterday.

As odd as this may sound, it would have been helpful to know that this was a
Mozilla prompt.  I get a lot of weird Windows prompts - sometimes when I'm
running Mozilla - and cryptic messages about master passwords aren't helpful. 

A "Help" button would also have been very useful on this dialog.  This was the
first time I've seen this prompt, and I didn't remember ever having set a master
password.  A short explanation would have saved a lot of frustration yesterday.
What about something like that:

"Mozilla Password Manager: Please enter your Master Password"

This can easily be understood by every user and doesn't conflict with other
"Master Passwords" or "Security Devices".
Especially when I have many browser windows open, I get unexpected prompts for
the master password. Approaches to fix:
1) One reason may be that it simply timed out, and another timeout semantic would
reduce the incidence of this (see
http://bugzilla.mozilla.org/show_bug.cgi?id=155739).
2) Another reason may be that a JavaScript timer in another browser window all
of a sudden woke up and, for example, re-prompts for a login after a session
time-out (e.g. in e-banking).
Then the master password prompt appears even though my currently used browser
window provides no justification for this:

==> Suggestion: Mention WHY the master password is needed and BY WHOM!!
i) For the "password manager" in the browser window with <title>...</title>
ii) For "MailNews" to sign/decrypt a message.
iii) For the "form manager" to populate a form (although I am not sure whether I
really saw that occurring without user intervention - perhaps this is a disease
in the MSIE - Gator world with its annoying pop-up ads that are seeking my
address/demographics...)
...

A further issue to consider when doing this is also distinguishability as per
http://bugzilla.mozilla.org/show_bug.cgi?id=101611
QA Contact: junruh → bmartin
I agree it would be nice, if the master password prompt would explain why the
master password is needed.

I worked on this in some spare time a while ago. The patch works, but is not yet
ready for checkin. The wordings should be discussed first.
Attached patch: Patch v1
Comment on attachment 119996: Patch v1

In particular, this patch has all strings hard coded into the sources. They
would have to be moved to the string bundle. But I decided to attach this patch
anyway, to have it here as a starting point / backup.
Attachment #119996 - Flags: review-
This actually is a security vulnerability.  I accessed a site that had a pop-up
password entry field worded almost exactly like the text "Please enter the
master password for the software security device"  I wasn't sure if I was
logging into Mozilla's password manager, or giving my password to the outside
web page!

It would be great if either:

1) The master password login prompt was unique and could not be mimicked by a web
page

or...

2) Each pop-up login window indicated (in a non-spoofable way) what the source
of the password request was.

Of course, I could always stop being lazy, and use a Mozilla master password
that I never use anywhere else....
My previous comments about the security vulnerability are already being
addressed in Bug 101611.  Sorry.
For what it's worth, stability-enhanced Linux, Mac OS X and Windows builds based
on Mozilla 1.3.1, that also contain the patch from this bug, are available at
http://wamcom.org

Please feel free to play with it and give feedback in this bug.
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody.  Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
*** Bug 268298 has been marked as a duplicate of this bug. ***
Product: PSM → Core
Whiteboard: [kerh-coa]
While this is the older bug, I decided to make it the DUPE since most of the recent discussion is going on in the newer bug. :)

*** This bug has been marked as a duplicate of 306730 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard