Open Bug 1118553 Opened 6 years ago Updated 6 months ago

Flag duplicate/reused passwords in Password Manager UI

Categories

(Firefox :: about:logins, enhancement, P3)

People

(Reporter: tanvi, Unassigned)

References

(Depends on 1 open bug, Blocks 2 open bugs)

Details

User Story

• Discuss definition of re-use
• Implement design spec for Reused Passwords Banner Notification
• Learn more link to SUMO page
• update sidebar icon (and tooltip)

Invision spec: https://mozilla.invisionapp.com/share/BEU7ZBJ486Y

Attachments

(3 files)

Password reuse is a big problem on the web and causes numerous account compromises.  Users use the same password for the survey site they used one time and their bank account.  If an attacker can compromise one, they can compromise the other.

If a user has saved the same password on multiple sites, perhaps we can somehow flag this in the Password Manager interface.  Particularly if the same password is being used on an HTTP page and an HTTPS page.  Since the former can be read in cleartext, it exposes the latter to compromise.
Blocks: 1118400
OS: Mac OS X → All
Hardware: x86 → All
Don't get too naggy about it though. I have 30-ish legitimate instances of my mozilla LDAP password. Even "same eTLD+1" heuristics will get the recommendation wrong because there's a mix of mozilla.ORG and .COM sites, as well as the completely different mozilla.okta.com and mozilla.service-now.com
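
The check discussed in the two comments above, as an added example that is not taken from this bug or from Firefox code: it groups saved logins by password, marks reuse that spans HTTP and HTTPS origins, and lists the distinct sites in each group so the mozilla.org/.com/okta.com/service-now.com case is visible. The record shape, the function names and the sample logins are assumptions, and `approxSite` is a last-two-labels stand-in for a real eTLD+1 lookup.

```javascript
// Added example, not Firefox code. All login records are constructed sample data.
const SAMPLE_LOGINS = [
  { origin: "http://survey.example", password: "hunter2-sample" },
  { origin: "https://bank.example", password: "hunter2-sample" },
  { origin: "https://mail.mozilla.org", password: "ldap-sample" },
  { origin: "https://intranet.mozilla.com", password: "ldap-sample" },
  { origin: "https://mozilla.okta.com", password: "ldap-sample" },
  { origin: "https://mozilla.service-now.com", password: "ldap-sample" },
  { origin: "https://forum.example", password: "unique-sample" },
];

// Assumption: the last two host labels stand in for eTLD+1. A real
// implementation would consult the Public Suffix List instead.
function approxSite(origin) {
  return new URL(origin).hostname.split(".").slice(-2).join(".");
}

// Group logins by password and report each password saved for more than
// one origin. The password itself is never copied into the findings.
function findReusedPasswords(logins) {
  const byPassword = new Map();
  for (const { origin, password } of logins) {
    if (!byPassword.has(password)) byPassword.set(password, new Set());
    byPassword.get(password).add(origin);
  }
  const findings = [];
  for (const origins of byPassword.values()) {
    if (origins.size < 2) continue; // saved for a single origin: not reuse
    const list = [...origins].sort();
    const schemes = new Set(list.map((o) => new URL(o).protocol));
    findings.push({
      origins: list,
      // More than one site in a group means a same-site rule would still flag it.
      sites: [...new Set(list.map(approxSite))].sort(),
      // Reuse spanning http: and https: is the case the report singles out.
      mixedScheme: schemes.has("http:") && schemes.has("https:"),
    });
  }
  return findings;
}
```

On the sample data the single-sign-on password still forms one group covering four distinct sites, which is the false positive the second comment describes.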
Whiteboard: [passwords:management]
Severity: normal → enhancement
Priority: -- → P5
Blocks: 1220617
Attached image what-safari-does.png

For reference, what Safari does in Preferences › Passwords.

Component: Password Manager → about:logins
Product: Toolkit → Firefox
Version: unspecified → Trunk

Mass removing [skyline] and [passwords:management] from about:logins bugs which are no longer useful.

Whiteboard: [passwords:management]
User Story: (updated)
Flags: qe-verify+
Priority: P5 → P2
Blocks: 1565326
No longer blocks: 1220617
Attached image passwords-reused-16.svg
Attached image passwords-reused-24.svg
Summary: Flag duplicate passwords in Password Manager UI → Flag duplicate/reused passwords in Password Manager UI
Duplicate of this bug: 1354498
Depends on: 1120684
Priority: P2 → P3