Open Bug 1716071 Opened 4 years ago Updated 6 months ago

Passwords should not Sync from a profile with a Primary Password to a profile without a Primary Password

Categories

(Firefox :: Sync, defect, P5)


Tracking Status
firefox91 --- affected

People

(Reporter: bj, Unassigned)

References

(Blocks 1 open bug)


A user with a Primary Password setup presumably wants their saved passwords protected with a Primary Password. When Sync is set up it should ensure that passwords transferred from a profile with a Primary Password set should only go to other profiles with a Primary Password set.

Steps to reproduce:

  1. Set up a Primary Password.
  2. Save some logins and passwords.
  3. Set up Sync.
  4. Create another profile and Sync the two profiles.

Expected result:
4) The saved passwords are protected by a Primary Password as was requested in step 1.

Actual result:
4) The new profile doesn't require a primary password to be entered to use or see the saved passwords.

Many people explicitly want the current behaviour - e.g., a laptop vs a desktop. It would also seem very easy to defeat - e.g., if an attacker got a device that didn't have passwords synced because it had no primary password, that attacker could just set up a primary password and suddenly they'd get all the passwords. Note that by design, the primary password isn't used as the encryption key, so there's no requirement the primary password be identical on all devices, so there's no reasonable way that device could prevent this.

Could there at least be a confirmation step in the Sync setup: "This browser doesn't have a primary password set so passwords will not be protected by a primary password. Are you sure you want to Sync with this device?"

(In reply to B.J. Herbison from comment #2)

> Could there at least be a confirmation step in the Sync setup: "This browser doesn't have a primary password set so passwords will not be protected by a primary password. Are you sure you want to Sync with this device?"

But this device doesn't know if there's a primary password anywhere else - we certainly don't want to prompt this for all users.

(The primary-password and sync story sucks in quite a few ways, least of all the prompting story, so please don't mistake my comments as trying to justify this experience as a good one!)

(In reply to Mark Hammond [:markh] [:mhammond] from comment #3)

> But this device doesn't know if there's a primary password anywhere else - we certainly don't want to prompt this for all users.

But could Sync be modified to record that information when Syncing and send it to other devices? Save whether none, some, or all of the synced devices have primary passwords set up, or as much of that as possible.

If you add a primary password on one device it could suggest adding it to other synced devices, and when you sync a new device it can suggest adding one to this device if one is used elsewhere. The information could also be in Sync settings.

(Accommodation would need to be made for devices synced before the start of this information collection.)
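The bookkeeping proposed in comment #4 (record per-device primary-password status, summarize it as none/some/all, and suggest rather than enforce), sketched as an added example that is not Firefox code or part of the original thread. The `primaryPassword` field and both function names are hypothetical.

```javascript
// Added sketch; no name here is a Firefox or Sync API.
// Assumed per-device field `primaryPassword`: true or false when the device
// reported it, undefined for devices synced before the data was collected.

function summarizeFleet(devices) {
  let set = 0, unset = 0, unknown = 0;
  for (const d of devices) {
    if (d.primaryPassword === true) set++;
    else if (d.primaryPassword === false) unset++;
    else unknown++;
  }
  let coverage;
  if (set > 0 && unset === 0 && unknown === 0) coverage = "all";
  else if (set > 0) coverage = "some";
  else if (unset > 0 && unknown === 0) coverage = "none";
  else coverage = "unknown"; // nothing reliable to say yet
  return { coverage, set, unset, unknown };
}

// Decide what, if anything, to suggest on the device that is syncing now.
// Advisory only: as the thread notes, the primary password is not the
// encryption key, so this cannot be enforced.
function adviceFor(local, others) {
  const fleet = summarizeFleet(others);
  if (local.primaryPassword === false && fleet.set > 0) {
    // Prompt only when another device is known to use one, so users who
    // never set a primary password anywhere are not interrupted.
    return { action: "suggest-set-here", fleet: fleet.coverage };
  }
  if (local.primaryPassword === true && fleet.unset > 0) {
    const devices = others.filter(d => d.primaryPassword === false).map(d => d.name);
    return { action: "suggest-set-elsewhere", devices };
  }
  return { action: "none" };
}

// Constructed sample data.
const sampleOthers = [
  { name: "desktop", primaryPassword: true },
  { name: "laptop", primaryPassword: false },
  { name: "old-tablet" }, // legacy record, status unknown
];
console.log(adviceFor({ name: "test-profile", primaryPassword: false }, sampleOthers));
```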

It's certainly possible this could be accommodated. Given how few users have a primary password, and the fact they are probably already aware of the threats they are protecting themselves against, and that such a prompt is really just saying "hey - you are already hyper-vigilant, but forgot to set a primary password on this device - are you sure?", I really don't see this bumping the other primary password issues that exist.

(In reply to Mark Hammond [:markh] [:mhammond] from comment #5)

> It's certainly possible this could be accommodated. Given how few users have a primary password, and the fact they are probably already aware of the threats they are protecting themselves against, and that such a prompt is really just saying "hey - you are already hyper-vigilant, but forgot to set a primary password on this device - are you sure?", I really don't see this bumping the other primary password issues that exist.

I understand your point about priorities, but I have no idea why you assume that everyone who once set up a primary password is always "hyper-vigilant".

I have a primary password on my standard devices and use Sync between them. While testing another system I set up Sync to pull over bookmarks. It wasn't until much later that I realized that passwords were brought over and no primary password was set up on that device.

I just checked with a new profile. When you connect to Sync the text only says it will "Save Data". There is no explicit mention that passwords are brought over from your other systems. Yes, it would have been obvious if I stopped to consider it, but I'm not "hyper-vigilant" and was focused on my current task.

Severity: -- → S4
Priority: -- → P5

If we add a general warning as discussed here: https://bugzilla.mozilla.org/show_bug.cgi?id=1261977 we should make sure that this also triggers the warning.

Duplicate of this bug: 1948547