Add telemetry events for tracking whether the user authenticated successfully or not with OS auth
Categories
(Firefox :: about:logins, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox75 | --- | unaffected |
firefox76 | --- | verified |
firefox77 | --- | verified |
People
(Reporter: jaws, Assigned: jaws)
References
Details
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
tdsmith
:
data-review+
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
We'd like to track the success rate of OS auth (bug 1194529). We can add some telemetry objects and methods to the pwmgr:mgmt_interaction event object to support this.
I propose the following objects and methods:
objects: ["os_auth", "mp_auth"]
methods: ["auth_pass", "auth_fail"]
Extra keys will be skipped
which will be true when the user previously authenticated successfully and the request was made before the previous authentication expired, and disabled
which will be true on environments where the feature is not available.
Canceling will be treated as a failure.
The events will get recorded in the content process alongside the other events that we record.
Assignee | ||
Comment 1•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Comment 2•5 years ago
|
||
Comment on attachment 9138910 [details]
Bug 1628029 - Add telemetry events for OS authentication.
It would be helpful if you could explain the new combinations of (method, object, extra) in the event description and/or create a new event for these interactions; I think it would be hard to understand what this new telemetry measures by consulting the probe dictionary.
Assignee | ||
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Comment on attachment 9138910 [details]
Bug 1628029 - Add telemetry events for OS authentication.
Treating this as an extension of the review request from bug 1549115 with the changes:
- indefinite collection
- jaws is committed for monitoring
- Is there or will there be documentation that describes the schema for the ultimate data set in a public, complete, and accurate way?
Yes, in events.yaml and the probe dictionary.
- Is there a control mechanism that allows the user to turn the data collection on and off?
Yes, the Firefox telemetry opt-out.
- If the request is for permanent data collection, is there someone who will monitor the data over time?
Yes, :jaws.
- Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?
Category 2, interaction data.
- Is the data collection request for default-on or default-off?
Default-on.
- Does the instrumentation include the addition of any new identifiers?
No.
- Is the data collection covered by the existing Firefox privacy notice?
Yes.
- Does there need to be a check-in in the future to determine whether to renew the data?
No, permanent collection.
- Does the data collection use a third-party collection tool?
No.
Assignee | ||
Comment 4•5 years ago
|
||
Hi Richard, we're changing the API of OSKeyStore.jsm and I wanted to let you know since Thunderbird is using this.
Comment 5•5 years ago
|
||
Thank you, Jared, for the heads up.
So for us it's the change from if (!loggedIn) {
to if (!loggedIn.authenticated) {
like in privacy.js. Correct?
Assignee | ||
Comment 6•5 years ago
|
||
(In reply to Richard Marti (:Paenglab) from comment #5)
Thank you, Jared, for the heads up.
So for us it's the change from
if (!loggedIn) {
toif (!loggedIn.authenticated) {
like in privacy.js. Correct?
Yes, that is correct.
Comment 8•5 years ago
|
||
bugherder |
Assignee | ||
Comment 9•5 years ago
|
||
Comment on attachment 9138910 [details]
Bug 1628029 - Add telemetry events for OS authentication.
Beta/Release Uplift Approval Request
- User impact if declined: Less knowledge about how users are using the new features in Lockwise (about:logins)
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): just adding telemetry
- String changes made/needed: none
Comment 10•5 years ago
|
||
Comment on attachment 9138910 [details]
Bug 1628029 - Add telemetry events for OS authentication.
Adds some new Telemetry probes around an important set of changes shipping in Fx76. Approved for 76.0b6.
Comment 11•5 years ago
|
||
bugherder uplift |
Comment 12•5 years ago
|
||
I have verified this issue and the telemetry events are correctly registered. Tested using Firefox Beta 76.0b6 (Build ID 20200420031429) and the latest Nightly 77.0a1 build (Build ID: 20200421094220) on Windows 10 x64, Mac 10.14.6, Mac 10.11 and Ubuntu 18.04 x64.
Here are the test results:
When a master password is NOT set:
- When the auth dialog is canceled or a wrong password is entered the following event is registered:
pwmgr reauthenticate os_auth fail
- When a correct password is entered in the OS auth the following event is registered:
pwmgr reauthenticate os_auth success
- When you recently authenticate and the "Show password", "Copy" or "Edit" button was clicked, the following event is registered:
pwmgr reauthenticate os_auth success_no_prompt
- The OS dosen't have any password set and the "Show password", "Copy" or "Edit" button is clicked, the following event is registered:
pwmgr reauthenticate os_auth success_no_password
- When the feature is is disabled and the "Show password", "Copy" or "Edit" button is clicked, the following event is registered:
pwmgr reauthenticate os_auth success_disabled
- When the feature is not supported and the "Show password", "Copy" or "Edit" button is clicked (tested on Ubuntu 18.04 and Mac 10.11):
pwmgr reauthenticate os_auth success_unsupoerted_platform
When a master password is set:
- When the Master Password dialog is canceled or a wrong password is entered the following event is registered:
pwmgr reauthenticate master_password fail
- When a correct password is entered in the Master Password dialog the following event is registered:
pwmgr reauthenticate master_password success
- When you recently authenticate and the "Show password", "Copy" or "Edit" button was clicked, the following event is registered:
pwmgr reauthenticate master_password success_no_prompt
Description
•