Closed Bug 1209267 Opened 9 years ago Closed 5 years ago

In the saved passwords column, make all the masked passwords eleven characters long

Categories

(Thunderbird :: Preferences, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: rfeeley, Unassigned)

References

Details

We shouldn't use a small number of characters to represent a password, and using some password strength indicators, it looks like entropy shoots through the roof at 11 characters. ••••••••••• ••••••••••• ••••••••••• ••••••••••• ••••••••••• ••••••••••• ••••••••••• ••••••••••• ••••••••••• It looks good to my eyes.
OS: Unspecified → All
Hardware: Unspecified → All
Version: unspecified → Trunk
Note that this is a trivial (but nonzero) information disclosure to shoulder surfers (after you've already entered your master password once to display the dialog). Also, did you know that you can Sort By password, even when they're displayed as dots? Length + alphabetization can reveal password re-use.
[Tracking Requested - why for this release]: See comment 6
Ryan, Matt: I am trying to follow up on 44+ tracked bugs. Is this something that we plan to fix in 44? I am still in the early part of Beta44 cycle and would be happy to take a patch if it is ready in the next 7-10 days. Thanks!
Flags: needinfo?(rfeeley)
Flags: needinfo?(MattN+bmo)
I'm just the UX designer, so I want everything now, so I may not be the right person to ask.
Flags: needinfo?(rfeeley) → needinfo?(rkothari)
(In reply to Ryan Feeley [:rfeeley] from comment #10) > I'm just the UX designer, so I want everything now, so I may not be the > right person to ask. Thanks Ryan! Who might I ping from the dev team to get someone to look at this bug? Any help is appreciated.
Flags: needinfo?(rkothari)
(In reply to Ritu Kothari (:ritu) from comment #11) > (In reply to Ryan Feeley [:rfeeley] from comment #10) > > I'm just the UX designer, so I want everything now, so I may not be the > > right person to ask. > > Thanks Ryan! Who might I ping from the dev team to get someone to look at > this bug? Any help is appreciated. see https://wiki.mozilla.org/Modules then either (your choice) 'Toolkit" to get only that, or "All in one big list" followed by "Toolkit" to get the Toolkit developers within the context of all developers. Within Toolkit, I'm not sure who specializes in the Password Manager. Maybe the Toolkit "owner" for a policy decision, or else one or other of the "peers" if you have a patch which needs a second pair of eyes before being checked-in. (At Mozilla, at least one person other than the patch author, and knowing the relevant Component, must have passed a patch, any patch, before it can be checked-in.) You might try clicking "(show other bugs)" next to [Password Manager ▼] in this bug's header. This will give you a list of bugs for this same Product/Component. See who seems to be doing reviews for them, or at least from whom reviews have been requested. If none of them has patches, modify the bug search to search "Resolution=FIXED" bugs instead of open ("Resulution=---") ones, and be sure to set a time limit: 6 months (from -180d to Now) should be ample, maybe even too much.
(In reply to Ritu Kothari (:ritu) from comment #11) > Who might I ping from the dev team to get someone to look at this bug? This is an easy bug to fix but bug 1208145 is more important and will change how the password masking will work so that's why I was ignoring this bug for now. Maybe whoever takes bug 1208145 could finish this after?
Flags: needinfo?(MattN+bmo)
Given that we are a week away from RC, this does not seem release blocking to me. wontfix for Fx44, carrying the tracking flag forward to Fx45.
Blocks: 1257078
Whiteboard: [passwords:management]
Component: Password Manager → Preferences
Product: Toolkit → Thunderbird
Whiteboard: [passwords:management]
Version: Trunk → unspecified

FYI, bug 1508165 is removing password tree column support for XUL trees. Per discussion in https://phabricator.services.mozilla.com/D48573 , I'm inclined to say if this feature is still desirable, you may have to add it back in.

Jörg, Magnus, see comment 17. Without a password field in our password dialog the dialog is probably useless. We need to look how this looks without this field and decide.

Flags: needinfo?(mkmelin+mozilla)
Flags: needinfo?(jorgk)

We have no masked password field in TB and the removal of the treecol[type="password"] doesn't make problems.

Closing this bug as WONTFIX

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(mkmelin+mozilla)
Flags: needinfo?(jorgk)
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.