Closed Bug 1194529 Opened 5 years ago Closed 18 days ago

Ask the user for their OS account password before showing the passwords in the password manager

Categories

(Firefox :: about:logins, defect, P1)

Unspecified
Windows
defect

Tracking


RESOLVED FIXED
Firefox 76
Tracking Status
relnote-firefox --- ?
firefox76 --- fixed

People

(Reporter: rchtara, Assigned: jaws)

References

(Depends on 4 open bugs)

Details

(Whiteboard: security:passwords)

Attachments

(7 files, 2 obsolete files)

When the user tries to show all the passwords in the password manager, they should be asked to enter their current Windows password if they didn't set up a master password.
Whiteboard: [fxprivacy] security:passwords
Whiteboard: [fxprivacy] security:passwords → [fxprivacy] [triage] security:passwords
Whiteboard: [fxprivacy] [triage] security:passwords → security:passwords
Bug 1121291 is removing the "Show passwords" button, so I think this would be a wontfix.
Or is this a duplicate of Bug 902880?
Flags: needinfo?(rchtara)
No, they are different: here we have to ask for the Windows password before showing all the passwords.
After Bug 1121291, the only thing that needs to change is that we have to ask the user for their Windows password before showing the password they want to show.

This bug is different from Bug 902880. In the current bug we don't change how the passwords are stored, we just use an API to ask the user for their Windows password. It's a bit of cheating so that normal users feel more secure, and they are indeed more secure against attacks by normal people; however, in the background an advanced user can still get the passwords.
This is not a solution for all the problems, but it's a step in the right direction.
Flags: needinfo?(rchtara)
Whiteboard: security:passwords → [passwords:management] security:passwords
Component: Password Manager → about:logins
Product: Toolkit → Firefox

Mass removing [skyline] and [passwords:management] from about:logins bugs which are no longer useful.

Summary: Ask the user for his windows password before showing the passwords in the password manager → Ask the user for their OS account password before showing the passwords in the password manager
Whiteboard: [passwords:management] security:passwords → security:passwords
Assignee: nobody → jaws
Status: NEW → ASSIGNED

The OS auth before setting a Master Password is required since having a Master Password set will supersede the OS authentication.

Attachment #9120927 - Attachment is obsolete: true
Attachment #9124583 - Attachment description: Bug 1194529 - Move the Master Password preference to the Certificate section and require OS auth to set a Master Password. r?MattN! → Bug 1194529 - Require OS auth to set a Master Password. r?MattN!

Adding to the draft 75beta release notes:

Release Note Request (optional, but appreciated)
[Why is this notable]:
[Affects Firefox for Android]:
[Suggested wording]: Showing the saved passwords in about:logins on Windows and macOS now requires typing the system account password if no master password is set.
[Links (documentation, blog post, etc)]:

relnote-firefox: --- → ?

(In reply to Julien Cristau [:jcristau] from comment #15)

[Suggested wording]: Showing the saved passwords in about:logins on Windows and macOS now requires typing the system account password if no master password is set.

The user may not have to type anything if they have biometrics setup or they may be able to just enter their Windows Hello PIN instead so maybe we could make this sound more convenient.

Flags: needinfo?(jcristau)

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #16)

(In reply to Julien Cristau [:jcristau] from comment #15)

[Suggested wording]: Showing the saved passwords in about:logins on Windows and macOS now requires typing the system account password if no master password is set.

The user may not have to type anything if they have biometrics setup or they may be able to just enter their Windows Hello PIN instead so maybe we could make this sound more convenient.

Can we use the following wording?
[Suggested wording]: Accessing saved passwords in about:logins on Windows and macOS now requires the user to authenticate with their operating system if no master password is set.

Sure! Draft release note updated.

Flags: needinfo?(jcristau)
Attachment #9129180 - Attachment is obsolete: true
Pushed by jwein@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c2f10d341da8
Move OSKeyStore.jsm to browser/modules since it is no longer used by just Form Autofill. r=MattN
https://hg.mozilla.org/integration/autoland/rev/3242adb0ff8e
Update OSKeyStore pref names now that the module is moved. r=MattN
https://hg.mozilla.org/integration/autoland/rev/55c38d92f65a
Revert to the previous value of the TEST_ONLY_REAUTH pref instead of clearing it after receiving the notification. r=MattN
https://hg.mozilla.org/integration/autoland/rev/5b5cbd52e30f
Ask the user for their OS account password before showing the passwords in the password manager. r=fluent-reviewers,MattN
https://hg.mozilla.org/integration/autoland/rev/7bf0a8463e53
Add a test for the OS auth dialog in about:logins and test that the OS auth dialog doesn't appear when Master Password is set. r=MattN
https://hg.mozilla.org/integration/autoland/rev/e83a89eb5007
Require OS auth to set a Master Password. r=fluent-reviewers,MattN
Flags: needinfo?(jaws)
Pushed by jwein@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/456987ad7c9b
Move OSKeyStore.jsm to browser/modules since it is no longer used by just Form Autofill. r=MattN
https://hg.mozilla.org/integration/autoland/rev/da20e2d8584b
Update OSKeyStore pref names now that the module is moved. r=MattN
https://hg.mozilla.org/integration/autoland/rev/586d1c69a0e8
Revert to the previous value of the TEST_ONLY_REAUTH pref instead of clearing it after receiving the notification. r=MattN
https://hg.mozilla.org/integration/autoland/rev/9d8f5af6bf5a
Ask the user for their OS account password before showing the passwords in the password manager. r=fluent-reviewers,MattN
https://hg.mozilla.org/integration/autoland/rev/f630ffb8bc0b
Add a test for the OS auth dialog in about:logins and test that the OS auth dialog doesn't appear when Master Password is set. r=MattN
https://hg.mozilla.org/integration/autoland/rev/6427e12d8147
Require OS auth to set a Master Password. r=fluent-reviewers,MattN
Depends on: 1622303
Depends on: 1622304
Depends on: 1622514
Attached image WrongChars.png

Don't know if it is a Firefox bug or a Windows 10 bug, but the Italian version of Windows/Firefox shows strange chars in the authentication window.

(In reply to Filippo from comment #24)

Created attachment 9134338 [details]
WrongChars.png

Don't know if it is a Firefox bug or a Windows 10 bug, but the Italian version of Windows/Firefox shows strange chars in the authentication window.

I have the same issue. Also if the Windows user session doesn't have a password, it's not working...

(In reply to Filippo from comment #24)

Don't know if it is a Firefox bug or a Windows 10 bug, but the Italian version of Windows/Firefox shows strange chars in the authentication window.

@flod, could we be having an issue with the encoding?

(In reply to Antoine Turmel [:GeekShadow] from comment #25)

I have the same issue. Also if the Windows user session doesn't have a password, it's not working...

This was just fixed by bug 1622542.

Flags: needinfo?(francesco.lodolo)

(In reply to Jared Wein [:jaws] (please needinfo? me) from comment #26)

(In reply to Filippo from comment #24)

Don't know if it is a Firefox bug or a Windows 10 bug, but the Italian version of Windows/Firefox shows strange chars in the authentication window.

@flod, could we be having an issue with the encoding?

All files are correctly utf-8 encoded. That screenshot shows a shameful typo ("propria", not "proprià"), but "identità" should show up correctly. My assumption would be that there's an issue in the code (i.e. the encoding when you pass this string to the OS)?

Flags: needinfo?(francesco.lodolo)

Short question about the expected behaviour: Is it the expected behaviour that I have to enter the OS password for every password I want to show or copy in about:logins? Wouldn't it make sense to remember the authentication after the first password prompt until I close about:logins or for n minutes?

I can file a new Bugzilla ticket for this but maybe the current behaviour is the expected behaviour so I wanted to check that first. Thanks!

(In reply to Sören Hentzschel from comment #28)

Short question about the expected behaviour: Is it the expected behaviour that I have to enter the OS password for every password I want to show or copy in about:logins? Wouldn't it make sense to remember the authentication after the first password prompt until I close about:logins or for n minutes?

I can file a new Bugzilla ticket for this but maybe the current behaviour is the expected behaviour so I wanted to check that first. Thanks!

Thanks for your question. This has been fixed in bug 1611914 and uses 5 minutes as the timeout. It should appear in the next Nightly build :)
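To make the gating rules discussed in this thread concrete (a master password supersedes the OS prompt, the OS prompt is remembered for 5 minutes per bug 1611914, and setting a master password itself requires OS auth), here is an added example that models them as a small state machine. This is illustrative code written for this page, not Firefox's OSKeyStore.jsm or LoginManager code; the class name, method names and the injected `osAuth` callback are assumptions, and only the 5-minute timeout and the three rules come from the comments above.

```javascript
// Added example: model of the about:logins reveal gate described in this bug.
// Not Firefox code. `osAuth` stands in for the real OS prompt (Windows Hello,
// macOS authentication) and is injected so the model runs offline.

const REAUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes, per bug 1611914

class RevealGate {
  constructor({ masterPasswordSet = false, osAuth }) {
    this.masterPasswordSet = masterPasswordSet;
    this.osAuth = osAuth;          // () => boolean, true when the OS prompt succeeds
    this.lastOsAuthAt = null;      // timestamp of the last successful OS auth
  }

  // Does revealing or copying a password at time `now` need an OS prompt?
  needsOsAuth(now) {
    // A master password supersedes OS auth: the user already unlocked the store.
    if (this.masterPasswordSet) return false;
    // Within the timeout window the earlier successful prompt is still honoured.
    if (this.lastOsAuthAt !== null && now - this.lastOsAuthAt < REAUTH_TIMEOUT_MS) {
      return false;
    }
    return true;
  }

  // Returns true if the password may be shown; prompts the OS only when needed.
  reveal(now) {
    if (!this.needsOsAuth(now)) return true;
    if (this.osAuth()) {
      this.lastOsAuthAt = now;
      return true;
    }
    return false; // prompt failed or was cancelled: keep the password hidden
  }

  // Setting a master password requires OS auth first, because once it is set
  // the OS prompt is no longer shown for this profile.
  setMasterPassword() {
    if (!this.osAuth()) return false;
    this.masterPasswordSet = true;
    this.lastOsAuthAt = null;
    return true;
  }
}

// Constructed scenario: no master password, first reveal prompts, the next
// reveal inside 5 minutes does not, and one after 5 minutes prompts again.
function demo() {
  let prompts = 0;
  const gate = new RevealGate({ osAuth: () => { prompts++; return true; } });
  const t0 = 1_000_000;
  gate.reveal(t0);
  gate.reveal(t0 + 60 * 1000);
  gate.reveal(t0 + 6 * 60 * 1000);
  return prompts; // 2
}
```

The gate only controls what about:logins displays; as the reporter notes above, the stored logins are unchanged, so a process already running as the same OS user can still read them from the profile. The timeout is a usability trade-off against shoulder-surfing, not a security boundary.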

Depends on: 1623695

(In reply to Filippo from comment #24)

Don't know if it is a Firefox bug or a Windows 10 bug, but the Italian version of Windows/Firefox shows strange chars in the authentication window.

Thanks for your comment. I filed bug 1623695 for this issue and am investigating it now.

There definitely should be an option in settings that allows turning this feature on/off...

(In reply to Avlasenko Vitaliy from comment #31)

There definitely should be an option in settings that allows turning this feature on/off...

That would defeat the point of the snooping protection…

Ideally we should fill your saved passwords directly into webpages so you don't need to use about:logins to access them and therefore you wouldn't be annoyed. Bug 1611914 will also help. If filling into webpages doesn't work properly for you then please file bugs.

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #32)

That would defeat the point of the snooping protection…
But that will be uncomfortable for people who use Lockwise often. Let it be on by default, but also let us turn it off. Honestly, for me this is an excessive feature, I just don't need it. The master password (I don't use it now) is enough for me if I want to protect my passwords. So I still think that there should be a way to turn this feature off.

Depends on: 1623745