Closed Bug 218694 Opened 17 years ago Closed 15 years ago
implement master password UI
This bug is for tracking the design and implementation of a master password UI for Mozilla Firebird.
I already filed bug 216539: we need a way to choose/edit/remove the master password in Options->Privacy.
Moving all active Password Manager bugs to Autocomplete component with [pwd-mngr] in summary for querying. Sorry for the bugspam.
Component: General → Autocomplete
QA Contact: davidpjames
Summary: implement master password UI → [pwd-mngr] implement master password UI
Reassigning to the default assignee.
Assignee: blake → bryner
Summary: [pwd-mngr] implement master password UI → implement master password UI
i wanted to put in a plug for improving the user-discovery of the master password feature. for example, a dialog shown to the user the first time they save a password might want to include a comment and a button directing the user to the master password feature (in addition to a warning about what saving passwords means, etc).
Targeting. This needs to go into Options... need to discuss with brian what's needed here.
Priority: -- → P3
Target Milestone: --- → Firefox0.9
Assignee: bryner → bugs
Priority: P3 → P2
Target Milestone: Firefox0.9 → Firefox1.0beta
*** Bug 216539 has been marked as a duplicate of this bug. ***
Assignee: bugs → firefox
Flags: blocking-aviary1.0RC1+ → blocking-aviary1.0RC1-
blake says some basic seamonkey ui coming soon...
Whiteboard: [eta 2004-08-04]
patch coming up
Assignee: firefox → mconnor
Comment on attachment 155464 [details] [diff] [review] lots of stolen and cleaned up code from changepassword.xul blake, hopefully you didn't put much work into this already
Status: NEW → ASSIGNED
Whiteboard: [eta 2004-08-04] → [have patch]
hmm, fun, I didn't implement the "ask me for this when X" pref stuff, do we want that too? that's much more trivial :)
Mike, can you show some screenshots? A quick glance at the code makes it seem like the presentation is relatively low key which is probably the best thing.
will post screenshots in a couple hours, not at my dev machine
with no password set http://www.steelgryphon.com/stuff/masterpass1.png setting a password http://www.steelgryphon.com/stuff/masterpass2.png with a password set http://www.steelgryphon.com/stuff/masterpass3.png left undecided by this patch is bug 222408, which is UI for setting the master password frequency prefs. I'm inclined to think that the current "once per session" is sufficient for most users.
Looks fine. But I think normal user doesn't know what a master password is and that the passwords are encrypted with MP and saved plaintext without. Thus, a hint like „Master password increases security“ would be nice.
Please also add ellipses ("...") to the labels of all buttons which open a dialog, i.e. View Saved Passwords, Set/Change Master Password, Exceptions, View Cookies. This is for consistency with buttons everywhere else (including Web Features, after I've checked in my patch for bug 250543).
Set Master Password should have an ellipsis, but View etc should not. Note that in the privacy pane, I've actually removed all of the bogus usage of the ellipsis already with my patch for the cookies UI.
(In reply to comment #16) > Please also add ellipses ("...") to the labels of all buttons which open a > dialog, i.e. View Saved Passwords, Set/Change Master Password, Exceptions, View > Cookies. mconnor is right. see also: http://developer.gnome.org/projects/gup/hig/2.0/menus-design.html http://java.sun.com/products/jlf/ed2/book/HIG.Controls.html#43232 http://developer.apple.com/documentation/UserExperience/Conceptual/OSXHIGuidelines/XHIGText/chapter_4_section_3.html#//apple_ref/doc/uid/TP30000365/TPXREF126
And seeing as I already looked it up for the same conversation in bug 250543: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwue/html/ch14d.asp
Mike, looks good, except I'd add a message to the top of the "Set Master Password" window that explains briefly what it's doing. "A Master Password is used to protect sensitive information like site passwords. If you create a Master Password you will be asked to enter it once per session when you log into a site that &brandShortName; has saved login information for." and, in bolded text below: "Please be sure to remember your Master Password. If you forget it, you will not be able to access any of your stored login information." or some such. Once per session sounds fine to start with.
screenshot of the new dialog at http://www.steelgryphon.com/stuff/masterpass4.png
Comment on attachment 155783 [details] [diff] [review] patch with descriptive text firstname.lastname@example.org
Neither setting nor changing the master password work on Linux. There is no effect even after clicking OK in the main Options dialog. It works fine in Advanced->Certificates->Manage Security Devices->Software Security Device->Change Password.
Steffen, I grabbed a tinderbox build since I'm on Windows atm, it works fine there. Note that after setting the password, you won't be prompted until you restart Firefox.
Whiteboard: [have patch]
Doesn't work with a Sweetlou build either. Not even after restarting Firefox. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040814 Firefox/0.9.1+.
fix in, missed an accept case, should work fine using Enter instead of clicking OK.
What about "Master Password Timeout" from the old UI chrome://pippki/content/pref-masterpass.xul ? Shouldn't it be available too?
it was considered and rejected in favour of the simpler implementation. The prefs are still in existence, but we're not going to provide UI at this time. Given that banks and other secure sites are always advising users to close all browser windows to ensure security of sessions, I believe that there isn't a real need to have timeout functionality etc for the vast majority of users.
Do we have a bug on removing the show passwords button or will that be done as part of this bug? I think bryner's on the hook for the button removal.
I looked for other bugs about "edit password" but they were all duped to this one. how about the option to double leftclick on an entry in PW manager giving you the option to edit both the login name and password ? Fixed-aviary1.0 is not totally fixed but will have to do till the next milestone ?
*** Bug 264186 has been marked as a duplicate of this bug. ***
Peter, please file a new bug on that, if there is none yet. This one is about the *master* password.
(In reply to comment #32) > Peter, please file a new bug on that, if there is none yet. > This one is about the *master* password. filed Bug 264201 for Edit passwords
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.