Closed Bug 218694 Opened 17 years ago Closed 15 years ago

implement master password UI

Categories

(Toolkit :: Password Manager, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla1.7.4

People

(Reporter: asa, Assigned: mconnor)

References

Details

(Keywords: fixed-aviary1.0)

Attachments

(1 file, 1 obsolete file)

This bug is for tracking the design and implementation of a master password UI
for Mozilla Firebird.
I already filed bug 216539: we need a way to choose/edit/remove the master
password in Options->Privacy.
Depends on: 216539
QA Contact: asa
Moving all active Password Manager bugs to Autocomplete component with
[pwd-mngr] in summary for querying. Sorry for the bugspam.
Component: General → Autocomplete
QA Contact: davidpjames
Summary: implement master password UI → [pwd-mngr] implement master password UI
Component: Autocomplete → Password Manager
Reassigning to the default assignee.
Assignee: blake → bryner
Summary: [pwd-mngr] implement master password UI → implement master password UI
Depends on: 222408
i wanted to put in a plug for improving the user-discovery of the master
password feature.  for example, a dialog shown to the user the first time they
save a password might want to include a comment and a button directing the user
to the master password feature (in addition to a warning about what saving
passwords means, etc).
Targeting. This needs to go into Options... need to discuss with brian what's
needed here. 
Priority: -- → P3
Target Milestone: --- → Firefox0.9
Assignee: bryner → bugs
Flags: blocking1.0+
Priority: P3 → P2
Target Milestone: Firefox0.9 → Firefox1.0beta
Blocks: 239241
*** Bug 216539 has been marked as a duplicate of this bug. ***
Assignee: bugs → firefox
Flags: blocking-aviary1.0RC1+
Blocks: 251959
No longer blocks: 251959
Flags: blocking-aviary1.0RC1+ → blocking-aviary1.0RC1-
Flags: blocking-aviary1.0RC1-
Flags: blocking-aviary1.0RC1+
Flags: blocking-aviary1.0-
Flags: blocking-aviary1.0+
Blocks: 251959
blake says some basic seamonkey ui coming soon...
Whiteboard: [eta 2004-08-04]
No longer blocks: 251959
patch coming up
Assignee: firefox → mconnor
Comment on attachment 155464 [details] [diff] [review]
lots of stolen and cleaned up code from changepassword.xul

blake, hopefully you didn't put much work into this already
Attachment #155464 - Flags: review?(firefox)
Status: NEW → ASSIGNED
Whiteboard: [eta 2004-08-04] → [have patch]
hmm, fun, I didn't implement the "ask me for this when X" pref stuff, do we want
that too? that's much more trivial :)
Mike, can you show some screenshots? A quick glance at the code makes it seem
like the presentation is relatively low key which is probably the best thing. 
will post screenshots in a couple hours, not at my dev machine
with no password set
http://www.steelgryphon.com/stuff/masterpass1.png

setting a password
http://www.steelgryphon.com/stuff/masterpass2.png

with a password set
http://www.steelgryphon.com/stuff/masterpass3.png

left undecided by this patch is bug 222408, which is UI for setting the master
password frequency prefs.  I'm inclined to think that the current "once per
session" is sufficient for most users.
Looks fine. But I think normal user doesn't know what a master password is and
that the passwords are encrypted with MP and saved plaintext without. Thus, a
hint like „Master password increases security“ would be nice.
Please also add ellipses ("...") to the labels of all buttons which open a
dialog, i.e. View Saved Passwords, Set/Change Master Password, Exceptions, View
Cookies.

This is for consistency with buttons everywhere else (including Web Features,
after I've checked in my patch for bug 250543).
Set Master Password should have an ellipsis, but View etc should not.

Note that in the privacy pane, I've actually removed all of the bogus usage of
the ellipsis already with my patch for the cookies UI.
And seeing as I already looked it up for the same conversation in bug 250543:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwue/html/ch14d.asp
Mike, looks good, except I'd add a message to the top of the "Set Master
Password" window that explains briefly what it's doing.

"A Master Password is used to protect sensitive information like site passwords.
If you create a Master Password you will be asked to enter it once per session
when you log into a site that &brandShortName; has saved login information for."

and, in bolded text below:

"Please be sure to remember your Master Password. If you forget it, you will not
be able to access any of your stored login information."

or some such.

Once per session sounds fine to start with. 
Attachment #155464 - Attachment is obsolete: true
Attachment #155464 - Flags: review?(firefox)
Attachment #155783 - Flags: review?(bugs)
Comment on attachment 155783 [details] [diff] [review]
patch with descriptive text

r+a=ben@mozilla.org
Attachment #155783 - Flags: review?(bugs)
Attachment #155783 - Flags: review+
Attachment #155783 - Flags: approval-aviary+
Neither setting nor changing the master password work on Linux. There is no
effect even after clicking OK in the main Options dialog.

It works fine in Advanced->Certificates->Manage Security Devices->Software
Security Device->Change Password.
Steffen, I grabbed a tinderbox build since I'm on Windows atm, it works fine
there.  Note that after setting the password, you won't be prompted until you
restart Firefox.
Keywords: fixed-aviary1.0
Whiteboard: [have patch]
Doesn't work with a Sweetlou build either. Not even after restarting Firefox.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040814
Firefox/0.9.1+.
fix in, missed an accept case, should work fine using Enter instead of clicking OK.
What about "Master Password Timeout" from the old UI
chrome://pippki/content/pref-masterpass.xul ? Shouldn't it be available too?
it was considered and rejected in favour of the simpler implementation.  The
prefs are still in existence, but we're not going to provide UI at this time. 
Given that banks and other secure sites are always advising users to close all
browser windows to ensure security of sessions, I believe that there isn't a
real need to have timeout functionality etc for the vast majority of users.
Do we have a bug on removing the show passwords button or will that be done as
part of this bug? I think bryner's on the hook for the button removal.
I looked for other bugs about "edit password" but they were all duped to this one.

how about the option to double leftclick on an entry in PW manager giving you
the option to  edit both the login name and password ?

Fixed-aviary1.0 is not totally fixed but will have to do till the next milestone ?

*** Bug 264186 has been marked as a duplicate of this bug. ***
Peter, please file a new bug on that, if there is none yet.
This one is about the *master* password.
(In reply to comment #32)
> Peter, please file a new bug on that, if there is none yet.
> This one is about the *master* password.

filed Bug 264201 for Edit passwords

Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.