Closed Bug 1644807 Opened 8 months ago Closed 6 months ago

Replace all user-facing instances that refer to "master" password

Categories

(Toolkit :: Password Manager, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
mozilla80
Tracking Status
firefox-esr68 --- wontfix
firefox-esr78 --- wontfix
firefox78 --- wontfix
firefox79 --- wontfix
firefox80 --- fixed

People

(Reporter: jdavidson, Assigned: MattN)

References

(Depends on 2 open bugs, Blocks 2 open bugs)

Details

Attachments

(7 files)

The term "master" in software makes reference to the "Master/Slave" relationship. As one action to uproot this problematic terminology (see Meta bug), we should replace it.

The first 2 instances where "master" shows up is in Preferences/Options under Privacy & Security: "Use a master password" and "Change Master Password...".

What should we change it to? I don't know.

Component: Preferences → Password Manager
Product: Firefox → Toolkit

We talked about as a team before and didn't have great ideas but I think we could probably get away with removing the word "master" from the top-level of preferences doing something like:

[X] Protect saved credentials with a password [Change Password…]

and leaving "master password" as a keyword for search in the short term. Would anyone object to making this change (with CS input on the string) as a first step? 99% of users don't use the feature so removing the language from the checkbox would already significantly reduce the exposure of this term.

We probably still want a name to refer to this password so users know which password to enter when they are prompted. I guess we could use similar language like "Please enter the password used to protect saved credentials" or something like that? As long as the way we refer to the password is consistent it could work, though it's harder to search for on Google/SUMO/Preferences without a proper noun.

Severity: -- → N/A
Flags: qe-verify+
Priority: -- → P2

How about switching to "passphrase" instead?

Per https://en.wikipedia.org/wiki/Passphrase, "A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security."

That sounds exactly like what we need in this context.

(In reply to Andreas Bovens [:abovens] from comment #2)

How about switching to "passphrase" instead?

Per https://en.wikipedia.org/wiki/Passphrase, "A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security."

That sounds exactly like what we need in this context.

The distinction between password and passphrase is in terms of content/length, whereas the distinction here seems more like one of purpose.

Could we use "Control password" or "Main password"? Or, if we want to continue the analogy with keys, "skeleton password" (cf. https://en.wikipedia.org/wiki/Skeleton_key )? That's possibly too technical though...

Katie, Betsy, Michelle, and I got together to talk.
Next steps:

  1. Finish audit of current instances;
  2. Content team to discuss options with localization team on Wednesday June 17;
  3. Use transvision to file bugs to change;
  4. Do an audit of instances of "master password" in SUMO;
  5. Draft SUMO article stub explaining change in terminology.

Right now, the ball is in Content's court, and they'll update us on further next steps soon.

Thanks for the update; I just wanted to add some additional renaming ideas from others that came up in a meeting this morning:

  • Stefan Zabka:
    • Root Password

  • Johann Hofmann:
    • Something like Vault Key or another more real-world analogy?

  • Nihanth Subramanya:
    • MacOS’s “Keychain” analogy has always worked great (e.g. “keychain password”)

We will be replacing the term Master Password in our product with Primary Password. All instances of this term should be replaced. See
Transvision for instances of where the term appears.

In preferences, we'd like to transition users to the new term, as immediately deprecating the term could be confusing to users who use it and are familiar with it. This transition language will apply on about:preferences#privacy and should remain for Release 80. By Release 81, the term Master Password should be deprecated entirely in the product.

Release 80
Use a Primary Password Learn more
Formerly known as Master Password
NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.

Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article link

Blocks: 1649482
Blocks: 1649522

Here's the stable link to the upcoming SUMO article ( https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/primary-password-change)

Please replace the version/os/locale part with real values and it will redirect to the upcoming SUMO article.

Comps attached of how these strings should look in Release 80 and Release 81.

Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
Depends on: 1653486

TODO in more commits:

  1. SUMO link (moved to bug 1653798)
  2. transitional text for Fx80 (attachment 9163538 [details]) (moved to bug 1653798)
  3. .properties references in security/

:Keeler, do you happen to know if we use security/manager/pki/resources/content/changepassword.js in Firefox? If not, do you know if other applications use it? It seems like Firefox uses toolkit/mozapps/preferences/changemp.js instead.

:Pike, is it fine to keep the two C++ references using .properties file after this change since there aren't any other consumers of Fluent from C++ yet and we want this in Fx80?

Flags: needinfo?(l10n)
Flags: needinfo?(dkeeler)

Re the

Formerly known as Master Password

string, some languages don't use a "master"-ish phrase, but something more like main or central. Their old and new translation might be the same.

I haven't found that in code yet, but if we do this, maybe a comment would be good? I wonder if the "right" translation in that case would be an empty string?

Keeping the NI as I haven't looked into the other question yet.

(In reply to Betsy Mikel [:betsymi] from comment #6)

NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.

Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article link

Since the learn more link is beside "Use a Primary Password", shouldn't that link to https://support.mozilla.org/kb/use-master-password-protect-stored-logins and have a separate link for the "Formerly known as Master Password" line? Right now there is no link to SUMO about the feature, which is a problem, but now we're going to link to a page that only talks about the name change? Do we even need a whole separate article about the new name when we have the existing feature page that we can add a banner to the top of?

Flags: needinfo?(bmikel)

(In reply to Matthew N. [:MattN] from comment #13)

:Pike, is it fine to keep the two C++ references using .properties file after this change since there aren't any other consumers of Fluent from C++ yet and we want this in Fx80?

Yes.

Also, one of the examples why we need Great API for accessing Fluent from C++. Wheeping a little, longing for coffee.

Flags: needinfo?(l10n)

(In reply to Matthew N. [:MattN] from comment #15)

(In reply to Betsy Mikel [:betsymi] from comment #6)

NOTE: Learn more will link to a SUMO article explaining the change in terminology. I will post the link ID once I have it.

Release 81
Use a Primary Password Learn more
NOTE: Same SUMO article link

Since the learn more link is beside "Use a Primary Password", shouldn't that link to https://support.mozilla.org/kb/use-master-password-protect-stored-logins and have a separate link for the "Formerly known as Master Password" line? Right now there is no link to SUMO about the feature, which is a problem, but now we're going to link to a page that only talks about the name change? Do we even need a whole separate article about the new name when we have the existing feature page that we can add a banner to the top of?

Really great point. Let's use the link you suggested. We will be introducing text on the page explaining the name change as well. Thank you!

Flags: needinfo?(bmikel)

(In reply to Matthew N. [:MattN] from comment #13)

:Keeler, do you happen to know if we use security/manager/pki/resources/content/changepassword.js in Firefox? If not, do you know if other applications use it? It seems like Firefox uses toolkit/mozapps/preferences/changemp.js instead.

It's used to change the password on third-party PKCS#11 modules (see the "Security Devices" dialog in about:preferences). Incidentally, the terminology more commonly used is "PIN" or, more specifically in this case, "user PIN". I suppose just "password" or "user password" would be sufficient. "primary password" might be confusing or misleading, and "master password" never made any sense.

Flags: needinfo?(dkeeler)
Depends on: 1653693
Depends on: 1653798
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/39f3cb77e407
Switch to Primary Password user-facing terminology in browser/. r=Gijs,mkaply,fluent-reviewers,preferences-reviewers
https://hg.mozilla.org/integration/autoland/rev/937b6773a66f
Switch to Primary Password user-facing terminology in toolkit/. r=Gijs,fluent-reviewers,preferences-reviewers,Pike
https://hg.mozilla.org/integration/autoland/rev/78ef46e35e65
Switch to Primary Password user-facing terminology in security/ .ftl files. r=keeler,fluent-reviewers,Pike
https://hg.mozilla.org/integration/autoland/rev/5320cef2bed3
Switch to Primary Password terminology for the prompt to enter it. r=keeler
https://hg.mozilla.org/integration/autoland/rev/2e2dfc1d13b2
Switch to Primary Password user-facing terminology in security/ .properties files. r=keeler,fluent-reviewers,flod

I can confirm that the entry from about:preferences#privacy is correctly displayed as "Use a Primary Password" and has the extra string below it "Formerly known as Master Password" in Nightly v80.0a1 from 2020-07-23 in Windows 10, Ubuntu 20.04 LTS and Mac OS 10.15.

I have verified the following:

  • about:preferences#privacy area
  • Primary Password set/change modal
  • Remove Primary Password modal
  • "You have deleted your Primary Password. Your stored passwords and private keys will not be protected." message
  • "You did not enter the correct current Primary Password. Please try again." error message.
  • "Please enter your Primary Password." modal.
  • "Please enter your Primary Password to view saved logins & passwords" notification bar message
  • "Primary Password successfully changed" message

I have found these to still display "Master" instead of "Primary":

Furthermore, the Transvision list of references to "Master Password" is very long. I don't know how to find some of them.
Matt, do you consider I should find ALL references? If so, how do you propose it would be best done? is there a better way than searching for one reference at a time?

P.S. This bug will not be verified until we can verify Fx81 as well.

Flags: needinfo?(MattN+bmo)

Maybe Transvision lists strings no longer used in mozilla-central?

Flags: needinfo?(mozilla+bmo)
See Also: → 1679840
You need to log in before you can comment on or make changes to this bug.