Add support for a simple 'password audit'

NEW
Unassigned

Status

()

4 years ago
2 years ago

People

(Reporter: mfinkle, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
All
Android
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Can we look at a user's existing passwords and do some sanity checks? We could add something to our password management UI to do a simple audit looking for:
* Weak passwords
* Same password used on more than one domain
* Logins/passwords on recently hacked sites?

Other ideas?
(Reporter)

Updated

4 years ago
Component: General → Logins, Passwords and Form Fill
I think step one is to have a password management UI :P
OS: Linux → Android
Hardware: x86_64 → All
(In reply to Richard Newman [:rnewman] from comment #1)
> I think step one is to have a password management UI :P

Details, details. That shouldn't stop us from brainstorming audit types and even working on the code to do a specific audit. Use an add-on to develop the code!

Comment 3

4 years ago
(In reply to Mark Finkle (:mfinkle) from comment #2)
> (In reply to Richard Newman [:rnewman] from comment #1)
> > I think step one is to have a password management UI :P
> 
> Details, details. That shouldn't stop us from brainstorming audit types and
> even working on the code to do a specific audit. Use an add-on to develop
> the code!

+1 An add-on could create some in-content UI to display information to the user. Since password management lives in toolkit land, this should be pretty straightforward.

A good place to start would be to just look at the desktop password management code, since that would use all the APIs we want.
(Reporter)

Updated

4 years ago
Blocks: 1079403
This is a neat idea, but one that I would argue is lesser priority than many other things. 

Although the intention is to make people safer, warning people they are unsafe when we can't correct it automatically and side-effect free (e.g., 1032 viruses neutralized!) usually just makes them feel sad and uncomfortable. I'm suspect most people don't choose Firefox to feel unsafe on the Internet. I love a good lecture from Firefox as much as the next geek, but I wager it's not a general trend.
You need to log in before you can comment on or make changes to this bug.