216539 - [pwd-mngr] we need a way to choose/edit/remove the master password in Options->Privacy

Status: VERIFIED DUPLICATE of bug 218694

(Toolkit :: Password Manager, enhancement, P2)

Description

[Steffen Wilberg]

In Tools-Options-Privacy-Saved Passwords, there should be a way to edit or
remove the master password, something like
chrome://pippki/content/pref-masterpass.xul

Comment 1

[Steffen Wilberg]

Reason:
You may want to change it if it isn't (or you worry about not being) secret anymore.
You may want to remove it if you don't want to enter it anymore and don't want
to delete your password file (xxxxxxxx.s) to get rid of it.

Comment 2

[Samir L. Boulema]

sounds like a very good addition to me ;)

Comment 3

[Bill Mason]

*** Bug 217132 has been marked as a duplicate of this bug. ***

Comment 4

[Steffen Wilberg]

New workaround thanks to the provisional security UI (bug 215898):
Tools-Options-Advanced-Certificates-Manage Security Devices-Software Security
Device-Change Password. You can change or remove your master password there; you
have to know your current one of course.

Comment 5

[Jeremy M. Dolan]

Removing the password doesn't seem to decrypt old entries. How are the entries
being encrypted in Mozilla's secrets file?

They appear to be base64 encoded, but after unencoding them, what? I need to get
a password out of my secrets file. Is it some algorithm openssl(1) can handle?
Do any of the PSM developers have a handy tool to deal with it? If not, can
someone please provide me info on the algorithm being used and/or point me to
the code?

Comment 6

[Voyager]

I don't understand why this bug is marked as an "enhancement" bug.  When the
master password is a feature, a way to edit it in the UI is reasonably and
logically expected.  I think the severity of the bug should at least be major,
since the master password is already a part of Firebird.

Comment 7

[Steffen Wilberg]

Spandan, it's now possible to choose/edit/remove the master password, but it's
very hard to find, see comment 4. This option should be in Tools-Options-Privacy.

There are two ways to do this:
1. Put this in the Password Manager (Options->Privacy->Saved Passwords->View
Saved Passwords). There could be a third tab explaining the concept of master
passwords and a button offering to choose/edit/remove the master password.
2. Create a new section in Options->Privacy called Master Password. Mozilla does
it this way.

Option 2 is consequent for Mozilla because the master password not only protects
saved passwords, but also certificates. But we don't use user certificates in
Firebird because we don't send and receive encrypted emails. We should go with
Option 1 therefore. This is also the place users would look for this.

Tweaking summary and component and reassigning.

Comment 8

[Bill Mason]

It appears that this bug is about to become a dup of bug 218694.

Comment 9

[Mike Connor [:mconnor]]

Not a dupe, the other bug is more a tracker

-> blocks 218694

Comment 10

[Alan Milnes]

This is a major issue for me - I just spent about an hour tracking through the
various options and this site trying to find where I could set the Master Password!

Comment 11

[David P James]

Adding [pwd-mngr] to summary for querying on Password Manager bugs (this one
doesn't really belong in Autocomplete though). Sorry for the bugspam.

Mike: Shouldn't this be assigned to Brian?

Comment 12

[Mike Connor [:mconnor]]

yes

Comment 13

[Ben Goodger (use ben at mozilla dot org for email)]

yes. 

Comment 14

[Ben Goodger (use ben at mozilla dot org for email)]

*** This bug has been marked as a duplicate of 218694 ***