[meta] Use Apple's password rules data to improve password generation experience
Categories
(Toolkit :: Password Manager, enhancement, P2)
Tracking
()
People
(Reporter: tgiles, Assigned: tgiles)
References
(Depends on 2 open bugs, Blocks 3 open bugs, )
Details
(Keywords: feature-testing-meta, Whiteboard: [passwords:generation])
Attachments
(6 files, 1 obsolete file)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
3.24 KB,
text/plain
|
jhirsch
:
data-review+
|
Details |
Apple has open sourced some resources for password managers including data for password rules for particular websites. In order to improve the password manager experience for users, this data and the related parser will be implemented so that Firefox's password manager is able to generate site appropriate passwords.
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 1•3 years ago
|
||
Depends on D114108
|
|
Assignee | |
Comment 2•3 years ago
|
||
Depends on D114109
|
|
Assignee | |
Comment 3•3 years ago
|
||
Depends on D114110
|
|
Assignee | |
Comment 4•3 years ago
|
||
Depends on D114111
|
|
Assignee | |
Comment 5•3 years ago
|
||
Depends on D114112
|
|
Assignee | |
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 6•3 years ago
|
||
This patch adds two scalars to keep track of the number of passwords generated via custom rules and default rules when "signon.improvedPasswordRules.enabled" is true.
This way, we can see if there is actual use of this feature for future decisions.
Depends on D114113
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 7•3 years ago
|
||
|
||
Comment 8•3 years ago
|
||
Comment on attachment 9225288 [details]
data-request-review.md
Data Review Form (to be filled by Data Stewards)
Instructions: Data Stewards will review a request for data collection and endorse responses to each question. If the request does not provide answers to questions, reviewers give an r- and point to the questions that can’t be answered.
- Is there or will there be documentation that describes the schema for the ultimate data set in a public, complete, and accurate way?
Yes. This data set will be documented alongside other desktop telemetry data.
- Is there a control mechanism that allows the user to turn the data collection on and off? (Note, for data collection not needed for security purposes, Mozilla provides such a control mechanism) Provide details as to the control mechanism available.
Yes. Users can disable telemetry (easiest) or disable the signon.improvedPasswordRules.enabled pref.
- If the request is for permanent data collection, is there someone who will monitor the data over time?
Yes, tgiles.
- Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?
Category 2, interaction data.
- Is the data collection request for default-on or default-off?
Default-on.
- Does the instrumentation include the addition of any new identifiers (whether anonymous or otherwise; e.g., username, random IDs, etc. See the appendix for more details)?
No.
- Is the data collection covered by the existing Firefox privacy notice?
Yes.
- Does the data collection use a third-party collection tool?
No.
Pushed by tgiles@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c939fa286658 Add 'improved password rules' pref. r=dimi https://hg.mozilla.org/integration/autoland/rev/79da4ac1afde Add PasswordRulesParser module. r=dimi https://hg.mozilla.org/integration/autoland/rev/fdd660f156e9 Generate passwords based on rules and domain. r=dimi https://hg.mozilla.org/integration/autoland/rev/efce1f6171b2 Add and fix tests due to new password generation feature. r=dimi https://hg.mozilla.org/integration/autoland/rev/7f5394e45e8d Add telemetry probe for number of passwords generated by custom rules versus default rules. r=dimi
|
|
Assignee | |
Comment 10•3 years ago
•
|
||
Setting the QE verify flag since we want to make sure we aren't regressing other parts of password generation. However, we currently don't have data in our "password-rules" remote settings collection, so we won't generate any improved password currently. I am aware of this issue and will post back once we have data in this collection. Until then though, QA will not be able to verify this change.
|
||
Comment 11•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/c939fa286658
https://hg.mozilla.org/mozilla-central/rev/79da4ac1afde
https://hg.mozilla.org/mozilla-central/rev/fdd660f156e9
https://hg.mozilla.org/mozilla-central/rev/efce1f6171b2
https://hg.mozilla.org/mozilla-central/rev/7f5394e45e8d
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 12•3 years ago
|
||
:tbabos, the data needed for this feature is now available in Firefox and so the feature is ready for verification!
|
||
Updated•3 years ago
|
|
|
||
Comment 14•3 years ago
|
||
Marking this as verified-fixed given we already tested on Nightly 91.0a1 and one round on Beta 91.0bx as well. There were no issues or regressions caused by this implementation.
Description
•