Closed Bug 1706611 Opened 4 years ago Closed 1 year ago

Failed login dialog displayed over the in-process password dialog

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1789623

People

(Reporter: mgoldey, Unassigned)

Details

Attachments

(1 file)

TB login image.jpg
20.07 KB, image/jpeg
Details
Attached image TB login image.jpg

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0

Steps to reproduce:

This is more of an annoyance than a true programming bug, but it has been occurring for years and it is routinely annoying.

This issue occurs if the user has more than one mail account in TB and does not save the passwords for each account. Such a user must enter the password for each mail account whenever TB starts.

When a user has multiple accounts, TB opens an "enter your password" dialog for each account, one at a time, and submits the password to the mail server. There is an error-trapping function that displays a "retry" dialog when the mail server returns an error code. Usually, the error is that the user entered the wrong password.

When a user enters the wrong password, this is the order of events:

  1. TB submits the defective password to the mail server (like it would for any password);
  2. TB opens a new "enter your password" dialog for the next mail account, which is also normal and expected behavior,
  3. Inevitably, the first mail server returns an authentication error to TB, and TB then displays a "login failed" dialog box, directly on top of the currently-active "enter your password" dialog while the user is in the middle of typing in the password.

As a result, the user is interrupted. Often, the password contains an "r" or "e" or the user hits enter, and this triggers the retry dialog, which then re-submits the bad password and continues this cycle. Also, after the user eventually clears the "retry" dialog, the user will typically need to blank out the "login" dialog and start over. Picking up mid-password rarely works, and instead starts a new cycle of failed login / retry dialogs.

Steps to reproduce:

  1. Set up TB with two or more mail accounts, but do not allow TB to save the passwords
  2. Restart TB.
  3. When prompted for the password for the first account, mistype it and hit enter.
  4. When the next dialog box comes up, start typing the password for account #2. Assuming a reasonable typing speed and Internet connection speed, the result will be similar to the accompanying image.

There is, I think, a straightforward solution: the function that displays the "retry" dialog should check whether an "enter your password" dialog is open and, if so, wait until the latter dialog has closed before displaying itself.

Also, "retry" is a bad default choice. (see image) If the password was wrong the first time, it's still wrong 2 seconds later.... "Enter new password" would be a better default, I think, since that is what the user will have to do.

Component: Untriaged → Security

mgoldey,
Do you still see this when using version 91?

Flags: needinfo?(mgoldey)

Yup, it sure does.

Flags: needinfo?(mgoldey)

mgoldey,
Are you still seeing this?
Sounds similar to bug 1789623

Flags: needinfo?(mgoldey)
Whiteboard: [closeme 2023-07-24]

Unfortunately, I can't answer. So many of my e-mail accounts now require OAUTH and no longer prompt me for a password that there's no opportunity for this conflict to arise. Sorry.

Flags: needinfo?(mgoldey)

Thanks for the update

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1789623
Resolution: --- → DUPLICATE
Whiteboard: [closeme 2023-07-24]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: