Closed Bug 137197 Opened 23 years ago Closed 14 years ago

Reset Master Password doesn't clear the saved passwords (for mail, web, etc.)

Categories

(Core Graveyard :: Security: UI, defect)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 398886
Future

People

(Reporter: esther, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [kerh-ehz])

Reset Master Password doesn't clear the saved passwords for mail. The steps below are how this was found, not sure if it has to be in this sequence or if all the steps are needed. It may fail with just 1 & 5.

1. Launch app
2. Log into mail and save password, exit app
3. Launch app, log into mail and encrypt password, exit app
4. Launch app, log into mail, give master password and then select obscure password in Tools|Password Manager|Obscure Password, exit app
5. Launch app, reset master password and log into mail. Or exit, relaunch and log into mail, makes no difference.

Result: no password needed.
Expected: should have asked for password since I reset Master password, which states "If you reset your master password, you will permanently erase all the web passwords, email passwords, and form data saved on your behalf by Password Manager and Form Manager."
Note: using branch build 20040412 on winxp and 20020411 on linux.
OS: Linux → All
nsbeta1
Keywords: nsbeta1
This is a regression.
Keywords: regression
My guess is that the message is correct in that all passwords "saved on your behalf by PASSWORD MANAGER" have been forgotten. But probably there is some local caching of mail password done by mailnews and that one is not being forgotten. In that case it's a mail/news issue.
Assignee: morse → racham
Component: Password Manager → Account Manager
Product: Browser → MailNews
QA Contact: tpreston → nbaca
Any passwords are saved.

1. Visit https://pki.mcom.com/testplans/sdr.html
2. Enter passwords and submit.
3. Reset master password.
4. Manage stored passwords. Notice that the stored passwords are still there.
In that case it is a password-manager problem. Reassigning back to myself. Could you please post a detailed step-by-step procedure starting from a fresh profile for reproducing this problem using the sdr.html site. Thanks.
Assignee: racham → morse
Component: Account Manager → Password Manager
Product: MailNews → Browser
QA Contact: nbaca → tpreston
1. Visit https://pki.mcom.com/testplans/sdr.html
2. Enter username and password in the upper 2 boxes and submit. Say yes to save your info.
3. Edit>Prefs>Privacy>Master Passwords>Reset master password.
4. Edit>Prefs>Privacy>Passwords>Manage stored passwords. Notice that the stored passwords are still there, though there should be no stored passwords.
Oh, so you are not encrypting your passwords. In that case there is no need for mozilla to throw away all the collected password-manager and form-manager data, so it is not thrown away. It never was thrown away in that circumstance, so this could not possibly be a regression (removing regression keyword).

The only purpose of the clear-master-password command is for the user who has forgotten his master password. If his data is encrypted, he can never get to it again, and we must throw it away. But if it is only obscured, we don't have to be so harsh on him -- his data is still available even though his master password is forgotten.

So the only problem that I see here is the wording on the dialog, which currently says:

"If you reset your master password, you will permanently erase all the web passwords, email passwords, and form data saved on your behalf by Password Manager and Form Manager."

The correction is to add the word "encrypted" so that it reads as follows:

"If you reset your master password, you will permanently erase all the encrypted web passwords, email passwords, and form data saved on your behalf by Password Manager and Form Manager."

Or, better yet, if the data is not encrypted we shouldn't even display the above dialog.
Keywords: regression
Based on my comment above, I would not consider this to be nsbeta1
Target Milestone: --- → mozilla1.1alpha
Removing nsbeta1 keyword. Assigning to cotter for wording change based on comment #8.
Assignee: morse → cotter
Keywords: nsbeta1
The text quoted by Steve in comment #8 appears in a couple of places in the related help text. This is easy to fix, and I will do so. The text in the dialog itself should probably also be changed. This involves changing the word "stored" to "encrypted" in two places:

In the Master Passwords panel under Reset Password -- new text should read: "If you reset your master password, all your encrypted Web and email passwords . . ."

In the Reset Master Password dialog -- new text should read: "If you reset your master password, all your encrypted Web and email passwords . . ."

Note the additional change to uppercase "Web" in the former -- I think there's a bug about this somewhere, might as well fix it too.

Steve, can you create patches for these dialog changes, at your convenience? I can steer them through approval, post-beta.
So basically we have taken a feature away from the 6.2.2 users, "Clear Sensitive Information", which cleared all saved passwords, obscured or encrypted, using a menu item click. It is now replaced with "Reset Master Password", which clears not only the master password but the Certificate for signing and encrypting mail (as well as others). How will the 6.2.2 user know they have to go to the Password Manager to remove the saved mail passwords? Is there a current spec for this new UI?

I could see a 6.2.2 user using Reset Master Password in place of Clear Sensitive Information and losing their certificates as I did. I had a certificate for signing and encrypting mail messages. I logged into a mail account, saved password and then selected to encrypt the password; I am asked for my Master Password. I didn't remember giving a Master Password, but since I had just added my cert I suspect it wants the password I gave while importing it. I give that password and I now have my mail passwords covered under the same password I have for my Cert. I decided I didn't want my mail passwords encrypted or saved, I selected Reset Master Password and I lost my Cert and had to import it again.

Note: With 6.2.2 Clear Sensitive Information did not remove my Cert.
cc'ing jglick
> So basically we have taken a feature away from the 6.2.2 users

We haven't taken anything away. This feature hasn't changed. This is the way it always worked.

> With 6.2.2 Clear Sensitive Information did not remove my Cert.

Are you sure about that?
In 6.2.2 (and earlier) Clear Sensitive Information would clear out all email saved passwords from the password manager even if they were only saved as obscured. It did not remove the Certificate. When the user exited the app and relaunched the app, they would then be asked for a password for each email account before logging in.
The feature we're taking away is the "Clear Sensitive Information" menu item.
OK, I apologize, you are right. The change came about in bug 102709 comment 19.
Thanks for pointing me to the bug, I've added this comment to that bug. Unfortunately renaming the menu item "Clear Sensitive Information" to "Reset Master Password" does more than a name change. The functionality is very different and can confuse the user who has used "Clear Sensitive Information". An example:

1. I am a user who saved passwords for some of my mail accounts and have used Clear Sensitive Information to remove those saved passwords from the Password Manager.
2. I have now added a cert to allow me to sign and encrypt mail messages.
3. I have gone to my mail account settings and assigned that cert to a mail account and have successfully signed and encrypted mail messages.
4. I have some saved mail passwords and decided to Clear Sensitive Information so I can reset the mail passwords I want to be saved (this is how I did it in 6.2.2), so I use Reset Master Password, which sounds the same and is in the same location as Clear Sensitive Information.

Result: Sending fails because the cert has been removed. I get a message "Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Accounts Settings for this mail account are valid and trusted." Because of the remembered behavior of 6.2.2 when using Clear Sensitive Information, I have no idea that my cert is now gone and my mail passwords are still saved. To send messages, the user must now figure out they deleted their cert and import it again AND/OR uncheck the mail account settings for Security even though it still shows the cert name in the list box. They must also figure out that they now need to go to the Password Manager to remove the mail servers from the Saved Passwords list.
For backward compatibility and to avoid user confusion: Why can't we keep "Clear Sensitive Information" working the same way, but maybe word it differently so the user knows it only removes the saved obscured passwords, and add "Reset Master Password" for those who have encrypted their passwords, stating it will remove the saved passwords as well as the master password and certs?
Component: Password Manager → S/MIME
Product: Browser → PSM
Target Milestone: mozilla1.1alpha → ---
Version: other → 1.01
I agree it will potentially be very confusing and frustrating for users who click "Reset Master Password" and later discover that Signing and/or Encryption in Mail don't work. They probably won't realize "Reset Master Password" removed their certificates and will think something is broken.
See also Bug 136781. Clearing master passwords and/or deleting the certificates currently used to configure the smime settings needs to trigger a cleansing of the user prefs. At this point, the only workaround is to go into the prefs.js file and blank out the configured certs and set the signing policy to false and the encryption policy to 0. Not a very good workaround... Looks like there needs to be tighter integration among mail, psm, and password mgmt, particularly when secure mail is configured.

Also added the regression keyword, as we have inadvertently replaced prior functionality with something 'else'. Ideally resetting the master password would allow the option to wipe the slate clean, which used to be the case with the 'Clear Sensitive Information' operation.

Bug 102709 comment 19:

>> When the passwords are obscured, you're not proposing to reset the master
>> password, but if the passwords are encrypted, you're proposing to reset the
>> master password in addition to deleting the store passwords? The same click
>> would have vastly different effects. A delete all button should just have
>> that functionality.
>
> I'm a little confused as to whether you are describing the way you think it
> should be or the way it currently is. So let me tell you what we currently
> have and why.
>
> The setting of the encrypt/obscure toggle has no effect on the delete-all. In
> either case, all stored form-manager and password-manager information is deleted
> and the master password is reset. Due to an oversight, the resetting of the
> master password was not being done. Furthermore, the encrypt/obscure state was
> set to obscure. This bug report asked that the toggle not be changed. The
> patch maintains the original state of the toggle and also adds the resetting of
> the master password which was accidentally left out of the original
> implementation (although by design it was supposed to be there).
>
> The reason for this behavior goes back to the reason that this menu item was
> added in the first place. It was put in because marketing asked that a user
> who forgot his master password has to have some way to recover.

Nominate nsbeta1 (as this really needs to be fixed by RTM), upped priority as well - users will hit this setting up their smime accounts.
Keywords: regression
Priority: -- → P1
Version: 1.01 → 2.3
Depends on: 136781
John, which group owns this bug?
Component: S/MIME → Client Library
The help text changes described in Comment #11 have been implemented. It's not clear to me what else needs to be done to fix this bug. Note that the Master Passwords prefs panel, the Reset Master Password dialog, and context-sensitive help all warn that resetting the master password will result in losing access to your certs. Reassigning to morse but not really sure who this belongs to now.
Assignee: cotter → morse
Target Milestone: --- → Future
Summary:

- we removed the "clear sensitive data" feature
- we did so because we made the incorrect assumption that "reset master password" would do the same
- but in fact, if web/mail passwords are only obscured, not encrypted, resetting the master password will not forget the stored passwords
- we confuse the user, because when a user resets the master password, we say that remembered other passwords will be cleared

I suggest:

- re-add the "clear sensitive data" feature
- make the "reset master password" behaviour smarter. Make it detect whether web passwords are encrypted or obscured. If they are obscured, do not mention them in the warning.
Priority: P1 → --
It seems to me that all the functionality is there, but more cumbersome. If you want to do what the old "clear sensitive information" did, you need to go to the password manager dialog and do "remove all", then to the form manager dialog and "remove all". The issue now is to make those removals easier than having to go to the two dialogs. Perhaps a single menu item called "clear sensitive data". Perhaps a top-level item on the pref panel for form-manager and password-manager, just like "reset master password" is now a top-level pref-panel item for master password. So it's a UE issue as to which we do. Reassigning.
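To make the behaviour the thread is arguing about concrete, here is an added toy model (example code written for this page, not Mozilla's password manager or softoken code). It models a secret store with "obscured" entries (a reversible encoding that does not depend on the master password, modeled here as base64, an assumption) and "encrypted" entries (protected by a key derived from the master password, modeled with a toy keystream), plus certificates whose private keys live under that same key. It shows the reported behaviour of reset_master_password (only encrypted entries and certs are lost, obscured entries survive), the warning-text selection proposed in the summary above (only mention passwords when they are actually encrypted), and the separate clear_sensitive_information operation that removes every saved password regardless of mode but leaves certs alone. All names and the KDF parameters are assumptions of this model.

```python
"""Toy model of master-password reset vs. "clear sensitive information".

This is illustrative example code, not Mozilla's implementation. The storage
modes, KDF and keystream are modeled crudely; the point is the policy logic.
"""
import base64
import hashlib
from dataclasses import dataclass, field

OBSCURED = "obscured"    # reversible encoding; does NOT depend on the master password
ENCRYPTED = "encrypted"  # protected by a key derived from the master password


def derive_key(master_password: str) -> bytes:
    # Toy KDF (assumed). A fixed salt is acceptable for a model, never for real storage.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), b"model-salt", 10_000)


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    # Toy symmetric transform: XOR with SHA-256(key || counter). Applying it twice
    # with the same key restores the input. Not a real cipher; model only.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Entry:
    host: str
    blob: bytes
    mode: str


@dataclass
class SecretStore:
    master_key: bytes
    entries: list = field(default_factory=list)
    certs: set = field(default_factory=set)  # certs whose private keys sit under master_key

    @classmethod
    def with_master_password(cls, master_password: str) -> "SecretStore":
        return cls(master_key=derive_key(master_password))

    def save(self, host: str, password: str, mode: str) -> None:
        raw = password.encode()
        if mode == OBSCURED:
            blob = base64.b64encode(raw)
        elif mode == ENCRYPTED:
            blob = _xor_keystream(self.master_key, raw)
        else:
            raise ValueError(f"unknown storage mode {mode!r}")
        self.entries.append(Entry(host, blob, mode))

    def reveal(self, host: str):
        """Return the saved password for host, or None if nothing is stored."""
        for e in self.entries:
            if e.host == host:
                if e.mode == OBSCURED:
                    return base64.b64decode(e.blob).decode()
                return _xor_keystream(self.master_key, e.blob).decode()
        return None

    def has_encrypted_entries(self) -> bool:
        return any(e.mode == ENCRYPTED for e in self.entries)

    def reset_warning(self) -> str:
        """Warning text chosen the way the summary comment proposes: mention stored
        passwords only when they really are encrypted (and therefore will be lost)."""
        if self.has_encrypted_entries():
            return ("If you reset your master password, all your encrypted web and email "
                    "passwords and the certificates protected by it will be permanently erased.")
        return ("If you reset your master password, the certificates protected by it "
                "will be permanently erased. Obscured passwords are not affected.")

    def reset_master_password(self, new_password: str) -> None:
        """Behaviour reported in this bug: only material that depended on the old key
        becomes unrecoverable, so only that is dropped. Obscured entries survive."""
        self.entries = [e for e in self.entries if e.mode == OBSCURED]
        self.certs.clear()
        self.master_key = derive_key(new_password)

    def clear_sensitive_information(self) -> None:
        """The 6.2.2-era operation the thread asks to re-add: forget every saved
        password regardless of mode, but leave the master password and certs alone."""
        self.entries.clear()


def scenario_from_report() -> dict:
    """Walk through the reporter's case and return what each step left behind."""
    store = SecretStore.with_master_password("old-master")
    store.save("mail.example.test", "hunter2", OBSCURED)     # constructed sample
    store.save("www.example.test", "s3cret", ENCRYPTED)      # constructed sample
    store.certs.add("S/MIME cert for user@example.test")    # constructed sample
    warning_before = store.reset_warning()
    store.reset_master_password("new-master")
    after_reset = {h: store.reveal(h) for h in ("mail.example.test", "www.example.test")}
    certs_after_reset = set(store.certs)
    store.clear_sensitive_information()
    return {
        "warning_mentions_passwords": "encrypted web and email passwords" in warning_before,
        "after_reset": after_reset,
        "certs_after_reset": certs_after_reset,
        "entries_after_clear": len(store.entries),
    }
```

Running scenario_from_report() reproduces the complaint in the thread: after the reset the obscured mail password is still returned in clear, the encrypted web password is gone, and the certificate set is empty; only the separate clear_sensitive_information step actually empties the password list.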
Assignee: morse → marlon
Product: PSM → Core
Was able to reproduce this bug. Mac OS X 10.4.1
Whiteboard: [kerh-ehz]
QA Contact: tpreston → ui
This will be fixed when TB/SM switches to the new login manager.
Depends on: 239131
Version: psm2.3 → 1.0 Branch
Assignee: marlon.bishop → dolske
Version: 1.0 Branch → Trunk
Assignee: dolske → kaie
Depends on: 398886
Bug 239131 has been marked fixed. Comment 26 predicted this bug would be fixed, too. Is it fixed?
On the other hand, I think the "reset master password" user interface feature got removed from Thunderbird (and from Firefox). I don't understand why that happened... Anyway, this means, in order to test this bug one would have to use SeaMonkey... I remember someone mentioning a workaround for Firefox, which is to enter the chrome:// url for the reset-password dialog in a browser window. Given the lack of browser windows in Thunderbird, this workaround won't work there...
I think:

* this bug should be assigned to "password management"
* the password should reintroduce the option to reset the master password
* if executed, all stored passwords should be deleted (as they can't be decrypted anyway)

However, I'm not sure if "password management" is a core platform feature, or a Firefox feature these days? Please advise.
Assignee: kaie → nobody
Summary: Reset Master Password doesn't clear the saved passwords for mail → Reset Master Password doesn't clear the saved passwords (for mail, web, etc.)
This was fixed by bug 398886.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard