Open Bug 1463865 (oskeystore) Opened 7 years ago Updated 5 days ago

[meta] Support OS-level secret-keeping

Categories

(Core :: Security: PSM, enhancement, P3)

61 Branch
enhancement

Tracking

()

People

(Reporter: jcj, Unassigned)

References

(Depends on 4 open bugs, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [psm-tracking])

This meta-bug tracks designing and then implementing an interface for generating, storing, and retrieving secrets from the operating systems on which Firefox runs.
See Also: → 1464827
Priority: -- → P3
Whiteboard: [psm-tracking]
What is the use case for this feature?
> What is the use case for this feature? This is going to be used for passwords stored in Firefox to start with (and should be used for all sensitive data Firefox puts on the hard drive in future).
AIUI, the first project to use this feature will be web payments, in order to store credit card data more securely. I believe that password storage will happen after we deploy this feature for web payments.
Blocks: 1556794
Alias: oskeystore
Depends on: 1562324
Assignee: franziskuskiefer → nobody
Status: ASSIGNED → NEW
Priority: P3 → --
Priority: -- → P3
Depends on: 1498909
See Also: → 1695998
Severity: normal → S3

Hi,
This is more a "feature request" than a bug report, but I strongly plead in favor of moving from "Primary password" (that most people don't activate and don't even know it exists ) to a platform protection when available, transparently activated instead.

Our company will probably move from Firefox to another browser because of that...

Depends on: 1586072

Hi, It seems that latest FF (and TB) supports now that feature, yes ?
"Require Device sign in to fill and manage passwords"

(In reply to duparchy from comment #5)

Hi, It seems that latest FF (and TB) supports now that feature, yes ?
"Require Device sign in to fill and manage passwords"

No - that setting doesn't store secrets in OS-provided storage. It's more like "check if you're authorized to use this machine before accessing secrets stored by Firefox".

You need to log in before you can comment on or make changes to this bug.