Closed Bug 1121320 Opened 10 years ago Closed 1 year ago

Password hygiene telemetry

Categories

(Toolkit :: Password Manager, enhancement, P3)

enhancement

Tracking

()

RESOLVED WONTFIX

People

(Reporter: MattN, Unassigned)

References

Details

(Whiteboard: [passwords:telemetry])

Here are some ideas of probes we may want to consider adding if we start to help users with better password hygiene (e.g. with password generation or user education through the UI). * Average number of origins each distinct password is used on * Average/median password age (compare timePasswordChanged to the current time) * Whether a saved password is on a list of 1000 most common passwords * Proportion of saved passwords from HTTP origins (e.g. if we start warning) ** Related: We could measure the scheme (HTTP/HTTPS/FTP) of each password field encountered to see how the web is moving at the same time.
(In reply to Matthew N. [:MattN] from comment #0) > ** Related: We could measure the scheme (HTTP/HTTPS/FTP) of each password > field encountered to see how the web is moving at the same time. Good idea! We can also collect average password length.
I am assuming that some of the bugs already filed (ie bug 1118863) cover some of these, but we should (carefully) be measuring websites' use of autocomplete=off and RequestAutocomplete to understand how sites are evolving.
Unlike the other probes we're collecting, which measures general usage of the PM, this one is actually analyzing the user's data. We need to scratch our heads about this one.
We can define the problem as aggregating stats on how many sites are using these features as opposed to specific sites using them if we want to make the probe less invasive.
Priority: -- → P2
Whiteboard: telemetry
Whiteboard: telemetry → [passwords:telemetry]
Priority: P2 → P5
Severity: normal → enhancement
Summary: Password hygiene telemetry → [meta] Password hygiene telemetry

The meta keyword is there, the bug doesn't depend on other bugs and there is no activity for 12 months.
:sfoster, maybe it's time to close this bug?

Flags: needinfo?(sfoster)

These look like good probes to have to get a handle on password hygiene in the large, and would be a prerequisite to any password hygiene report feature.

Flags: needinfo?(sfoster)
Keywords: meta
Priority: P5 → P3
Summary: [meta] Password hygiene telemetry → Password hygiene telemetry
Severity: normal → S3

We did nothing in 9 years, lets not start it now without a good end to end experience design first.
Number of reused or weak passwords will not change anything we need to do, we still need to bring it to user's attention.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.