Replace all user-facing instances that refer to "master" password
Categories
(Toolkit :: Password Manager, enhancement, P2)
Tracking
()
People
(Reporter: jdavidson, Assigned: MattN)
References
(Blocks 2 open bugs)
Details
Attachments
(7 files)
|
154.39 KB,
image/png
|
Details | |
|
160.01 KB,
image/png
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review |
Release 81 Primary Password.png
The term "master" in software makes reference to the "Master/Slave" relationship. As one action to uproot this problematic terminology (see Meta bug), we should replace it.
The first 2 instances where "master" shows up is in Preferences/Options under Privacy & Security: "Use a master password" and "Change Master Password...".
What should we change it to? I don't know.
|
||
Updated•4 years ago
|
|
Assignee | |
Comment 1•4 years ago
|
||
We talked about as a team before and didn't have great ideas but I think we could probably get away with removing the word "master" from the top-level of preferences doing something like:
[X] Protect saved credentials with a password [Change Password…]
and leaving "master password" as a keyword for search in the short term. Would anyone object to making this change (with CS input on the string) as a first step? 99% of users don't use the feature so removing the language from the checkbox would already significantly reduce the exposure of this term.
We probably still want a name to refer to this password so users know which password to enter when they are prompted. I guess we could use similar language like "Please enter the password used to protect saved credentials" or something like that? As long as the way we refer to the password is consistent it could work, though it's harder to search for on Google/SUMO/Preferences without a proper noun.
|
||
Comment 2•4 years ago
|
||
How about switching to "passphrase" instead?
Per https://en.wikipedia.org/wiki/Passphrase, "A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security."
That sounds exactly like what we need in this context.
|
|
||
Comment 3•4 years ago
|
||
(In reply to Andreas Bovens [:abovens] from comment #2)
How about switching to "passphrase" instead?
Per https://en.wikipedia.org/wiki/Passphrase, "A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security."
That sounds exactly like what we need in this context.
The distinction between password and passphrase is in terms of content/length, whereas the distinction here seems more like one of purpose.
Could we use "Control password" or "Main password"? Or, if we want to continue the analogy with keys, "skeleton password" (cf. https://en.wikipedia.org/wiki/Skeleton_key )? That's possibly too technical though...
|
Reporter | |
Comment 4•4 years ago
•
|
||
Katie, Betsy, Michelle, and I got together to talk.
Next steps:
- Finish audit of current instances;
- Content team to discuss options with localization team on Wednesday June 17;
- Use transvision to file bugs to change;
- Do an audit of instances of "master password" in SUMO;
- Draft SUMO article stub explaining change in terminology.
Right now, the ball is in Content's court, and they'll update us on further next steps soon.
|
||
Comment 5•4 years ago
|
||
Thanks for the update; I just wanted to add some additional renaming ideas from others that came up in a meeting this morning:
- Stefan Zabka:
-
Root Password
-
- Johann Hofmann:
-
Something like Vault Key or another more real-world analogy?
-
- Nihanth Subramanya:
-
MacOS’s “Keychain” analogy has always worked great (e.g. “keychain password”)
-
|
||
Comment 6•4 years ago
•
|
||
We will be replacing the term Master Password in our product with Primary Password. All instances of this term should be replaced. See
Transvision for instances of where the term appears.
In preferences, we'd like to transition users to the new term, as immediately deprecating the term could be confusing to users who use it and are familiar with it. This transition language will apply on about:preferences#privacy and should remain for Release 80. By Release 81, the term Master Password should be deprecated entirely in the product.
Release 80
Use a Primary Password Learn more
Formerly known as Master Password
NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.
Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article link
Here's the stable link to the upcoming SUMO article ( https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/primary-password-change)
Please replace the version/os/locale part with real values and it will redirect to the upcoming SUMO article.
|
|
||
Comment 8•3 years ago
|
||
Comps attached of how these strings should look in Release 80 and Release 81.
|
|
||
Comment 9•3 years ago
|
||
|
|
Assignee | |
Comment 10•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 11•3 years ago
|
||
Depends on D83895
|
|
Assignee | |
Comment 12•3 years ago
|
||
Depends on D83896
|
|
Assignee | |
Comment 13•3 years ago
•
|
||
TODO in more commits:
- SUMO link (moved to bug 1653798)
- transitional text for Fx80 (attachment 9163538 [details]) (moved to bug 1653798)
- .properties references in security/
:Keeler, do you happen to know if we use security/manager/pki/resources/content/changepassword.js in Firefox? If not, do you know if other applications use it? It seems like Firefox uses toolkit/mozapps/preferences/changemp.js instead.
:Pike, is it fine to keep the two C++ references using .properties file after this change since there aren't any other consumers of Fluent from C++ yet and we want this in Fx80?
|
||
Comment 14•3 years ago
|
||
Re the
Formerly known as Master Password
string, some languages don't use a "master"-ish phrase, but something more like main or central. Their old and new translation might be the same.
I haven't found that in code yet, but if we do this, maybe a comment would be good? I wonder if the "right" translation in that case would be an empty string?
Keeping the NI as I haven't looked into the other question yet.
|
|
Assignee | |
Comment 15•3 years ago
|
||
(In reply to Betsy Mikel [:betsymi] from comment #6)
NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.
Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article link
Since the learn more link is beside "Use a Primary Password", shouldn't that link to https://support.mozilla.org/kb/use-master-password-protect-stored-logins and have a separate link for the "Formerly known as Master Password" line? Right now there is no link to SUMO about the feature, which is a problem, but now we're going to link to a page that only talks about the name change? Do we even need a whole separate article about the new name when we have the existing feature page that we can add a banner to the top of?
|
|
||
Comment 16•3 years ago
|
||
(In reply to Matthew N. [:MattN] from comment #13)
:Pike, is it fine to keep the two C++ references using .properties file after this change since there aren't any other consumers of Fluent from C++ yet and we want this in Fx80?
Yes.
Also, one of the examples why we need Great API for accessing Fluent from C++. Wheeping a little, longing for coffee.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 17•3 years ago
|
||
(In reply to Matthew N. [:MattN] from comment #15)
(In reply to Betsy Mikel [:betsymi] from comment #6)
NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.
Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article linkSince the learn more link is beside "Use a Primary Password", shouldn't that link to https://support.mozilla.org/kb/use-master-password-protect-stored-logins and have a separate link for the "Formerly known as Master Password" line? Right now there is no link to SUMO about the feature, which is a problem, but now we're going to link to a page that only talks about the name change? Do we even need a whole separate article about the new name when we have the existing feature page that we can add a banner to the top of?
Really great point. Let's use the link you suggested. We will be introducing text on the page explaining the name change as well. Thank you!
(In reply to Matthew N. [:MattN] from comment #13)
:Keeler, do you happen to know if we use security/manager/pki/resources/content/changepassword.js in Firefox? If not, do you know if other applications use it? It seems like Firefox uses toolkit/mozapps/preferences/changemp.js instead.
It's used to change the password on third-party PKCS#11 modules (see the "Security Devices" dialog in about:preferences). Incidentally, the terminology more commonly used is "PIN" or, more specifically in this case, "user PIN". I suppose just "password" or "user password" would be sufficient. "primary password" might be confusing or misleading, and "master password" never made any sense.
|
|
Assignee | |
Comment 19•3 years ago
|
||
Depends on D83898
|
|
Assignee | |
Comment 20•3 years ago
|
||
Depends on D84026
|
||
Comment 21•3 years ago
|
||
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/39f3cb77e407 Switch to Primary Password user-facing terminology in browser/. r=Gijs,mkaply,fluent-reviewers,preferences-reviewers https://hg.mozilla.org/integration/autoland/rev/937b6773a66f Switch to Primary Password user-facing terminology in toolkit/. r=Gijs,fluent-reviewers,preferences-reviewers,Pike https://hg.mozilla.org/integration/autoland/rev/78ef46e35e65 Switch to Primary Password user-facing terminology in security/ .ftl files. r=keeler,fluent-reviewers,Pike https://hg.mozilla.org/integration/autoland/rev/5320cef2bed3 Switch to Primary Password terminology for the prompt to enter it. r=keeler https://hg.mozilla.org/integration/autoland/rev/2e2dfc1d13b2 Switch to Primary Password user-facing terminology in security/ .properties files. r=keeler,fluent-reviewers,flod
|
||
Comment 22•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/39f3cb77e407
https://hg.mozilla.org/mozilla-central/rev/937b6773a66f
https://hg.mozilla.org/mozilla-central/rev/78ef46e35e65
https://hg.mozilla.org/mozilla-central/rev/5320cef2bed3
https://hg.mozilla.org/mozilla-central/rev/2e2dfc1d13b2
|
||
Comment 23•3 years ago
•
|
||
I can confirm that the entry from about:preferences#privacy is correctly displayed as "Use a Primary Password" and has the extra string below it "Formerly known as Master Password" in Nightly v80.0a1 from 2020-07-23 in Windows 10, Ubuntu 20.04 LTS and Mac OS 10.15.
I have verified the following:
- about:preferences#privacy area
- Primary Password set/change modal
- Remove Primary Password modal
- "You have deleted your Primary Password. Your stored passwords and private keys will not be protected." message
- "You did not enter the correct current Primary Password. Please try again." error message.
- "Please enter your Primary Password." modal.
- "Please enter your Primary Password to view saved logins & passwords" notification bar message
- "Primary Password successfully changed" message
I have found these to still display "Master" instead of "Primary":
- The article that opens when clicking the "Learn more" link from the "Use Primary Password" checkbox:
https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins?as=u&utm_source=inproduct - The article that opens when clicking the "Learn more" link from the "Show alerts about passwords for breached websites" checkbox:
https://support.mozilla.org/en-US/kb/firefox-lockwise-alerts-breached-websites?as=u&utm_source=inproduct
Furthermore, the Transvision list of references to "Master Password" is very long. I don't know how to find some of them.
Matt, do you consider I should find ALL references? If so, how do you propose it would be best done? is there a better way than searching for one reference at a time?
P.S. This bug will not be verified until we can verify Fx81 as well.
|
|
||
Updated•3 years ago
|
| Comment hidden (admin-reviewed) |
| Comment hidden (admin-reviewed) |
|
|
Assignee | |
Comment 26•3 years ago
|
||
Maybe Transvision lists strings no longer used in mozilla-central?
|
||
Updated•2 years ago
|
Description
•