implement master password timeout functionality + UI

RESOLVED WONTFIX

Status

()

--
enhancement
RESOLVED WONTFIX
15 years ago
4 years ago

People

(Reporter: ostap, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

I can set the timeout value after "It has not been used for" but I'm missed the
button to "submit" the settings. 

Reproducible: Always

Steps to Reproduce:
1. go to the url chrome://pippki/content/pref-masterpass.xul
2. select the last radio button
3. enter the timeout
4. look for the submit button ;)
Actual Results:  
timeout settings are not stored

Expected Results:  
we expect a new timeout to be set

standard firebird 0.7 installation + Flash  + ?Acrobatreader6.0 plugin

Comment 1

15 years ago
This isn't supported yet. -> enhancement; all/all;
-> password manager, reassigning and confirming.
-> blocks bug 218694.
Assignee: blake → bryner
Blocks: 218694
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Preferences → Password Manager
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: mpconnor → davidpjames
Hardware: PC → All
Summary: can not submit master password timeout → implement master password timeout functionality + UI

Comment 2

14 years ago
*** Bug 261192 has been marked as a duplicate of this bug. ***
*** Bug 268298 has been marked as a duplicate of this bug. ***

Comment 4

14 years ago
*** Bug 304929 has been marked as a duplicate of this bug. ***

Comment 5

13 years ago
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody
Version: unspecified → Trunk
*** Bug 343043 has been marked as a duplicate of this bug. ***

Comment 7

13 years ago
wasn't this supported in earlier versions of Fx?
Don't think so: the prefs security.password_lifetime and security.ask_for_password are just used to set the values in the pref-masterpass window, and its handling script actually sets them internally in nsPK11TokenDB, so if you don't go through a working pref window that lets you call something like http://landfill.mozilla.org/mxr-test/seamonkey/source/security/manager/pki/resources/content/pref-masterpass.js#73 then you haven't actually set anything.
*** Bug 326755 has been marked as a duplicate of this bug. ***
(Assignee)

Updated

11 years ago
Product: Firefox → Toolkit

Comment 10

10 years ago
We just had a user request this.
Ubuntu Bug:
https://bugs.launchpad.net/bugs/407615

Also, possible duplicate: Mozilla Bug 155739

There appears to be an addon as well for this:
https://addons.mozilla.org/en-US/firefox/addon/1275

But it seems reasonable to have this in the UI.

Comment 11

8 years ago
The add-on Micah mentions does not work.

Comment 12

8 years ago
Is this the right bug for master password reentering prompt after some inactivity period?

Comment 13

8 years ago
I have the same question. Suspect that 3.6.10 has incorporated "require password on return from sleep/hibernate. That's a good thing a good thing for laptop users (in case the computer gets stolen while asleep, but a pain in the neck for desktop users who live with their systems -- likelihood is that this will prove enough of a nusiance to turn off the master password). Make "forget password on sleep/hibernate" an option?

Updated

4 years ago
Duplicate of this bug: 503831
Blocks: 570421
Component: Password Manager → Security: PSM
Product: Toolkit → Core
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
Duplicate of this bug: 383229

Comment 17

4 years ago
@Justin: are you implying that "master password" will be phased out or will be left alone in foreseeable future?

Comment 18

4 years ago
(In reply to Justin Dolske [:Dolske] from comment #15)
> It's generally agreed among UX/Engineering/Product that we don't want to
> further develop the existing master password functionality, as it's a poor
> fit for current needs and our current direction in this area.

Is there an alternative planned? Would you rather we have a password manager that is not at all secured?

Comment 19

4 years ago
Right now it asks again for the master password every single time you select 'show passwords' even if twice in 10 seconds.
The only issue is if you leave your computer unattended with Firefox running and the master passpharse has already been entered, someone can log onto your gmail etc... accounts without knowing your password.
This is mitigated by people running screen lockers and screensavers.
If the master password is relocked every 30 minutes, this still leaves Firefox able to log onto websites for 30 minutes which is actually longer than most screenlockers/screensaver timeouts. Many users will also thing "hmm...I just typed in the master password 30 minutes ago. this must be a bug".

KDE's kwallet relocks when the last application accessing the keychain closes which is analogous to Firefox requiring that you re-enter the master password every time you restart firefox and access a website that wants a password. You could make firefox lock the master password again when all websites/tabs that have requested a password are closed but it is not easy to tell the user that the keyring is in use/not in use/relocked without major UI changes.
You need to log in before you can comment on or make changes to this bug.