Open Bug 1118553 Opened 8 years ago Updated 3 months ago
Flag duplicate/reused passwords in Password Manager UI
• Discuss definition of re-use • Implement design spec for Reused Passwords Banner Notification • Learn more link to SUMO page • update sidebar icon (and tooltip) Invision spec: https://mozilla.invisionapp.com/share/BEU7ZBJ486Y
Password reuse is a big problem on the web and causes numerous account compromises. Users use the same password for the survey site they used one time and their bank account. If an attacker can compromise one, they can compromise the other. If a user has saved the same password on multiple sites, perhaps we can somehow flag this in the Password Manager interface. Particularly if the same password is being used on an HTTP page and an HTTPS page. Since the former can be read in cleartext, it exposes the later to compromise.
OS: Mac OS X → All
Hardware: x86 → All
Don't get too naggy about it though. I have 30-ish legitimate instances of my mozilla LDAP password. Even "same eTLD+1" heuristics will get the recommendation wrong because there's a mix of mozilla.ORG and .COM sites, as well as the completely different mozilla.okta.com and mozilla.service-now.com
Component: Password Manager → about:logins
Product: Toolkit → Firefox
Version: unspecified → Trunk
Summary: Flag duplicate passwords in Password Manager UI → Flag duplicate/reused passwords in Password Manager UI
You need to log in before you can comment on or make changes to this bug.