Closed Bug 1831575 Opened 2 years ago Closed 2 years ago

Clarify the "no primary password" explanation message

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
115 Branch
Tracking Flags:
Tracking Status
firefox115 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(1 file, 1 obsolete file)

Bug 1831575 - Clarify which private keys are not protected by the master password. r=keeler
48 bytes, text/x-phabricator-request
Details | Review

When removing the primary password, the following message is shown:

"You have deleted your Primary Password. Your stored passwords and private keys will not be protected."

This will no longer be accurate when this string is used in Thunderbird, because users may have private keys that belong to OpenPGP keys, and those private keys might alternatively be protected using a passphrase that's independently set of the Primary Password.

Ideally I'd like to ask that the core string used by Firefox is changed, in a way that would avoid confusing Thunderbird users.

Bug 1831387 considers to replace the core string with a one that works better in Thunderbird, but maybe that's ugly to do?

Possible solutions for this bug:
(1) clarify that this text only talks about private keys of certificates:
"Your stored passwords and private keys of certificates will not be protected."

(2) completely drop the part
"Your stored passwords and private keys will not be protected."
and show the text
"You have deleted your Primary Password.", only.

Another thought: I know that Firefox is able to access certificates in the system OS store e.g. on Windows.

Maybe the text is already misleading today, because it gives the user the incorrect impression that system private keys will not be protected at all - when they might be protected by some OS mechanism? (I don't know if such a mechanism exists.)

If you'd agree with this argument, it would support option (2)

Assignee: nobody → kaie
Status: NEW → ASSIGNED

Dana, does one of these suggestions seem acceptable to you?
I've submitted two alternative phab revisions, in case you like one of them.

Flags: needinfo?(dkeeler)

I think the "be more specific" option sounds good.

Flags: needinfo?(dkeeler)
Attachment #9331832 - Attachment is obsolete: true
Pushed by kaie@kuix.de: https://hg.mozilla.org/integration/autoland/rev/18ba3281fa5c Clarify which private keys are not protected by the master password. r=keeler,fluent-reviewers,settings-reviewers,flod

https://hg.mozilla.org/mozilla-central/rev/18ba3281fa5c

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox115: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 115 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: