Open Bug 1691459 Opened 5 years ago Updated 5 years ago

Primary (master) password is under 'Logins and Passwords' but also applies to 'Certificates'

Categories

(Firefox :: Settings UI, enhancement)

Product:
Firefox
Component:
Settings UI
Version:
Firefox 85
Type:
enhancement

Tracking

()

People

(Reporter: gerard.bosch, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0

Steps to reproduce:

  1. Open 'Preferences' aka 'Options'
  2. Select 'Privacy & Security' tab
  3. Look for 'Primary password' formerly 'master password'

Actual results:

Primary password appears under 'Login and Passwords', but its definition applies to more things than passwords.

At least, defining such primary password protects the certificates, which are listed in another section, down the page in 'Security' section.

Also, if you click to 'Learn more' in primary password, the page it redirects does not state that fact (certificates are also protected by the primary password).

This is very confusing, and it should be somehow packed together. Also the online documentation should accurately state everything that the primary password protects, not only passwords.

Aside from this, the switch from 'Master password' to 'Primary password' is very confusing. I don't think that when the 'master' word is writen it has to forcefully relate with 'master-slave' concept. There are a lot more definitions for master, some examples:

  • In an orchestra, it is called master the person that coordinates the orchestra (there is no meaning of racism in there).
  • In education, a Master is an official degree
  • In crafts, a master is a person very skilled and with a lot of experience in the field.

Switching terms like this with no universal replacement breaks user's mind. Like 'main' in Github, 'primary' in Firefox,... Master password is a well established term in the security industry.

Expected results:

The primary/master password should clearly state that also applies to certificates (and maybe other stuff than login/passwords).

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit

Please don't conflate 2 issues in one bug. The comments about the primary vs. master terms distract from what is otherwise a valid and useful bug report.
Yes, Primary Password is also used for certificates, and that could be clearer. I'm not sure if we should adjust the wording in the Preferences UI, add a note under the certificates section or what... We'll need UX input to come up with a satisfactory solution.

Severity: -- → N/A
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3

I think one way to go is pack it together somehow under the same section, maybe starting with the 'Primary password', and just below, all the stuff it is used onto: 'Passowords', 'Certificates',...

Sorry to mix the 'master' stuff in here, I don't think this is going to be reverted, just took the chance to express my view :)

Component: Password Manager → Preferences
Product: Toolkit → Firefox

The product::component has been changed since the backlog priority was decided, so we're resetting it.
For more information, please visit auto_nag documentation.

Priority: P3 → --
You need to log in before you can comment on or make changes to this bug.