1261977 - Prompt users to set a primary password upon first password save

Status: UNCONFIRMED

(Toolkit :: Password Manager, enhancement, P3)

Description

[furkan-akbulut]

Attachment: Find out the login data and password in an old harddisk.pdf

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586

Steps to reproduce:

I get a old ssd harddisk. I looking for the Profile Directory of Firefox. After that I look for the file login.json and key3.db. I copy this profile files into my directory and replace the two same files. After i restart my Firefox browser. The result: i can see the password and the login data from the owner of the harddisk in the security settings of Firefox. 


Actual results:

I have the chance to get all passwords and login dates if i get the two files of the profile.
1. USB with an small software which searching the two files on an computer /old harddisk
2. If you find the files make a copy
3. Take the usb and copy the files into my Profile Directory
4. Looking for save password in the security setting of firefox


Expected results:

I think the best way is to stop the automatic saving password. A lots of people using this setting, because it saves a lots of time. Or the 2 files in the profile directory must be safed with an id or a password.

Comment 1

[Daniel Veditz [:dveditz]]

Pretty sure this is a duplicate request. Long ago we used to have an interstitial explanatory panel the popped up when a user was about to save their first password, asking the user to choose explicitly between unencrypted and using a master password. It was removed based on user feedback.

Comment 2

[Matthew N. [:MattN]]

We could put this in a promo box like the sync one that appears below the capture doorhanger the first N times but that depends on whether UX thinks it will scare users. Another possible solution is bug 1194529 depending on who you're trying to stop from accessing the saved passwords locally.

Comment 5

[John King]

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #2)

We could put this in a promo box like the sync one that appears below the
capture doorhanger the first N times but that depends on whether UX thinks
it will scare users. Another possible solution is bug 1194529 depending on
who you're trying to stop from accessing the saved passwords locally.

I think making it explicit clear that passwords are stored in the open is just good practice. In this case, scaring a user is a good thing. Don't make creating a master password an option, it is irresponsible these days.

Comment 6

[Matthew N. [:MattN]]

(In reply to John King from comment #5)

I think making it explicit clear that passwords are stored in the open is just good practice.

Passwords are never stored in plaintext but without a master password having the salt (stored in key*.db) is enough to decrypt them.

In this case, scaring a user is a good thing. Don't make creating a master password an option, it is irresponsible these days.

If you use whole disk encryption and lock your operating system account when you're away from the computer then that is sufficient to stop local attacks.

Comment 7

[Simon Friedberger [:simonf]]

I think this would be a good idea.
Consider, for example, things like the recent scams where people are tricked into screen sharing with control by a caller. In that case it is very easy to upload the files somewhere and get access to all passwords.
Or just having access to someone else's computer. There is a difference between being able to go to the settings and read passwords and just being able to log into some site on the spot.