Flag duplicate passwords in Password Manager UI

NEW
Unassigned

Status

()

4 years ago
2 months ago

People

(Reporter: tanvi, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [passwords:management])

(Reporter)

Description

4 years ago
Password reuse is a big problem on the web and causes numerous account compromises.  Users use the same password for the survey site they used one time and their bank account.  If an attacker can compromise one, they can compromise the other.

If a user has saved the same password on multiple sites, perhaps we can somehow flag this in the Password Manager interface.  Particularly if the same password is being used on an HTTP page and an HTTPS page.  Since the former can be read in cleartext, it exposes the later to compromise.
(Reporter)

Updated

4 years ago
Blocks: 1118400
OS: Mac OS X → All
Hardware: x86 → All
Don't get too naggy about it though. I have 30-ish legitimate instances of my mozilla LDAP password. Even "same eTLD+1" heuristics will get the recommendation wrong because there's a mix of mozilla.ORG and .COM sites, as well as the completely different mozilla.okta.com and mozilla.service-now.com
Whiteboard: [passwords:management]

Comment 2

2 months ago
Possible duplicate: bug 1220617
You need to log in before you can comment on or make changes to this bug.