Closed
Bug 151303
Opened 22 years ago
Closed 17 years ago
Kill "Save logon?" dialog box
Categories
(SeaMonkey :: Passwords & Permissions, enhancement)
SeaMonkey
Passwords & Permissions
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 390025
Future
People
(Reporter: uksi, Unassigned)
Details
Remembering site logons is definitely a useful feature.
However, as it is right now, I almost never use it. The primary perpetrator is
the "Do you want Password Manager to remember this logon?" box. Because this
dialog box rudely interrupts my surfing experience with an unimportant
question, I propose to remove this dialog box (for good).
(All of the following is my opinion and not necessarily a statement of fact.)
This box is bad because:
1) I am often not sure whether I entered the correct password, but I can't be
sure until the web site responds to my logon attempt. However, Password Manager
forces me to decide whether to remember the logon right *now*, before I get the
web site's response. It puts me in a gambling position:
- if I select Yes, I am afraid that it will remember the incorrect password
and will keep prefilling the logon info with incorrect data. If the password
indeed turns out to be incorrect, will it remember the corrected logon the next
time I try or will it keep on using the original wrong password? There's no
(easy) way to tell, apart from trying to find this in the documentation or
actually experimenting with it to see what happens. If I do either of these, I
lose my concentration on whatever I was going to do, and possibly several
minutes of time. Thus, I am quite reluctant to select Yes.
- if I select No, I am afraid that if the password indeed turns out to be
correct, that I will just keep on surfing (after all, my objective was to log
onto the site to do something--remembering the password is a side thing) and
the password will not get remembered. To ensure remembering of the password,
I'd have to click "Back" after the successful logon and login again while
answering Yes to the "Remember logon?" dialog box. It is annoying to do so
(after all, I want to get on with my task on the site instead of trying to
accomodate the quirks of the Password Manager).
- if I select Never for this site... there's a good chance that I may select
this option despite wanting to remembered the logon, because I was too unsure
of whether to select Yes or No, grew impatient of the dialog box popping up on
my logon attempt.
So I'm reluctant to select "Yes", I'm reluctant to select "No", and I may
select "Never for this site" because I gave up on this feature (a weakling, I
know...). So which one do I select?
When I'm using a computer, I surely don't want to be gambling. Password
Manager's "Remember logon?" box makes me gamble. Bad!
2) "Yes" and "No" are not really an opposite pair. It's really "Yes" vs "Never
for this site" and a stray "No".
What is the reason for the "No" option anyway? Usually I either want to
remember the logon to the site (select "Yes") or not, because I consider the
logon to be too important to risk this relaxation on security (which is what
Password Manager does). In the latter case, I select "Never for this site". In
the former, I'm really saying "Always for this site." So why does one need
a "No" option?
Why would I want to *not* remember the logon to a website just once? There's a
chance that someone is logging in to a website on my computer under their own
logon that they don't want me to "have". They would select "No" (or rather "Not
this time") instead of "Never for this site" because they don't want to deprive
me of the password remembering functionality. If they select "Never for this
site", then I have to go to Preferences, Privacy & Security, Passwords, Manage
Stored Passwords, Passwords Never Saved and remove the site that my friend
selected "Never for this site" for. That's too much effort! Worse, all that
such removal (from "Passwords Never Saved" list) achieves is getting me back to
square one where I'm prompted with these three choices again. Isn't it very
likely that this removal (the fact that I'm putting in the effort to remove the
site from this list) indicates that I actually want to save the logon that I'm
about to enter? So instead of being able to tell the program "Ok, from now on,
please save this logon", I am telling it: "Ok, could you please ask me this
question again so that I have a chance to save this logon?"
So the "No" option is really an outgrowth of these problems. "No" is used by
those who are too reluctant to select "Yes" (see point #1 above) or by those
who don't want to force the user to go thru the process of reenabling this
question for a particular site.
3) This dialog box gets in the way! I'm logging on to the web site to do
something. Saving the password is a side concern of mine. It may be nice when I
get tired of entering the password (and only THEN will this feature be
important to me), but instead this dialog box insists on interrupting me. When
it pops up, I have to stop and think whether I want to save the password. And
because the dialog box has the abovementioned problems, I have to think more
about whether the password that I entered is truly correct and I want to
remember it, or whether I should be remembering this password for this site at
all, whether this logon is sensitive/important enough to warrant a "Never for
this site" choice.
While I'm thinking about these issues, I risk losing focus on what I was doing
on the site or reduce my concentration on my task. I may forget some number
that I was going to enter or a page that I wanted to check after I logged in,
because the time I spent thinking about whether to store the password has
pushed some things out of my short-term memory.
To avoid losing my focus, I often quickly dismiss the dialog box with a "No".
In fact, I have developed a habit to answer "No" to this dialog box, and many
times I find myself habitually selecting "No" and then realizing that it would
indeed be nice to remember this logon.
The core problem is that Password Manager asks me to make the decision when
*it* wants, instead of when *I* am ready to make it. It asks me to make this
decision way more often times than the times when I'm ready to make it. And
when I do make up my mind, there's no easy way for me to tell the computer to
remember the password. Instead, I have to tell the computer that it is now OK
for it to ask me this decision OK.
That's quite silly! Who's supposed to be in control here, the computer or me?
Sorry about the ranting, but this dialog box has made me waste time, forget
things and feel stupid too often.
Here's my proposed solution:
1) Kill the dialog box.
2) After I login to a web site, indicate passively on the screen that I have
the opportunity to remember the logon.
3) If I select the indicator, Password Manager saves my logon. Without asking
me any questions! The indicator changes to show that the logon has been saved.
4) If I am at a logon page for which Password Manager has already saved the
logon, or if I just logged in using a saved logon, Passoword Manager passively
indicates (using the same indicator) that the logon is saved (in the way that
it did when I clicked to save it). If I select the indicator, Password Manager
forgets the login to this site and reverts to the state where it shows that I
have the opportunity to save this logon.
5) So it acts like a toggle. If I clicked the indicator to remember my logon
and then changed my mind ("Oops, nah I really didn't mean that") then I can
click the indicator again and make Mozilla forget the password. And then we're
back to step 2.
6) Password Manager preferences no longer have "Never for this site" tab, the
only thing that you do in the "Manage Saved Passwords" dialog box is delete
saved passwords. (Of course, it'll be just as easy to go to the site and click
the indicator to forget the login).
7) The only dialog box that may ever appear during clicking of the indicator is
the "Enter Master Password" one, and that's for them paranoid folks. ;)
How and where this indicator should appear is debatable. The place that is most
realistic to do right now is in the shape of an icon in the status bar, next to
the "Online" and "Secure/Insecure" icons. One idea for its appearance is
a "Key" for the "Logon is remembered/Click to forget" mode and "Key with X
across it" for the "Logon can be remembered/Click to remember" state.
Another way would be to just have words "Logon saved"/"Save logon?" appear
somewhere on the status bar and be clickable in a form of a button. Or maybe
the status bar is not the best idea. That's for the interface buffs to figure
out :)
Most importantly, I would love the interaction that I proposed, which is user-
controlled. I would be able to save my logons when *I* want. I'm tired of
typing the login all the time? Ok, let's click. There's no annoying,
interrupting, unsure-decision dialog boxes. I changed my mind and don't want it
to remember the password? Click.
Comment 1•22 years ago
|
||
cc'ing mpt for his opinion
Comment 2•22 years ago
|
||
actually reassigning to UI design to have a look...
Assignee: morse → mpt
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Password Manager → User Interface Design
Ever confirmed: true
QA Contact: tpreston → zach
Hardware: PC → All
Comment 3•22 years ago
|
||
See also bug 141057, "RFE: do not wait for password dialog user input to submit
forms, and show what login info will be stored in the dialog". That would
solve the problem of not knowing whether the username/password being saved is
correct.
Reporter | ||
Comment 4•22 years ago
|
||
Bug 141057's suggestion definitely reduces the annoyance of the "Save logon?"
dialog box. In fact, it would eliminate the first drawback from this bug's
original description: i.e. no more gambling/uncertainty when opting to
remember the password or not. However, drawbacks 2 and 3 still remain.
I can see some problems with bug 141057's suggestion. I don't know of any
dialog boxes in Mozilla that persist across page loads. The user may get
confused at this new behavior: a dialog box that stays up after the new page
is loaded. Often, when users see a new page load up, they are ready to surf
it, not answer dialog boxes. Also, what if it obscures the part that lets the
user judge whether they logged in or not? (Admittedly, this would happen quite
rarely, so nevermind..) What happens if the user clicks on another link on the
page? (After all, the dialog box is modeless) Does it stay up until it is
responded to or does it disappear?
Still, the core problem remains: the password manager dialog box pops up at
the computer's whim and has to be dealt with before the user can keep on
browsing. This is poor interaction: the computer directs the interaction
(requires an answer to a dialog). The alternative that I propose in this bug
turns the interaction around, so that only when the user feels like saving the
password, he requests it (he guides the interaction). (Or she).
uid is being phased out.
Assignee: mpt → morse
Component: User Interface Design → Password Manager
QA Contact: zach → tpreston
Updated•22 years ago
|
Target Milestone: --- → Future
Reassigning to new module owner.
Assignee: morse → dveditz
Comment 7•21 years ago
|
||
I too agree with some of these arguments.
I have a password for a secure HTTPS site, and I stored it in Password Manager.
So far, so good.
The password IS STORED now, so why does this dialog box pop up all the time
when I restart Mozilla anyway?
*If* a password is already stored, a simple https://andreas@securesite.dot.com
should actually link directly to the site, skipping that dialog.
Dialog should only pop up for re-entering if the password is WRONG and the web
server spits out a 'Permission denied'.
My 2 cents.
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•19 years ago
|
Assignee: dveditz → nobody
Reporter | ||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•