Closed
Bug 259648
Opened 20 years ago
Closed 18 years ago
"View Passwords" should prompt for the master password, when used
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: vlad, Unassigned)
References
Details
(Whiteboard: see comment 4)
When we import saved passwords (in particular from IE), we need to a) warn the
user that we're doing this; b) give them an option to set a master password; c)
let them know that their passwords are not secure.
I realize that this is somewhat draconian in view of the goal to be highly
unobtrusive, but I think it's important in this case; people who come from IE
are probably not aware that their passwords are stored in a way that's trivial
to crack. We let them know the first time they save a password with firefox
already, just not if we import.
Reporter
Updated•20 years ago
Flags: blocking-aviary1.0?
Comment 1•20 years ago
"I tried Firefox but it is less secure than IE because when I loaded it it said
that anyone could read my passwords and that never happened with IE so I went
back to IE cos IE is much more secure it never told me my passwords were open"
If we're going to do this, we need to be very careful as to the wording. It has
to be painfully simple and ridiculously clear.
Frankly I doubt most people care, and I would recommend that we not be so
paranoid. If someone has access to the machine to steal the password file, they
can just as easily install a keyboard sniffer, or just brute-force the password
file's encryption.
Comment 2•20 years ago
This really is too late... I think we should just remove the "show passwords" item.
Flags: blocking-aviary1.0? → blocking-aviary1.0-
Comment 3•20 years ago
*** Bug 269694 has been marked as a duplicate of this bug. ***
Comment 4•20 years ago
(In reply to comment #1)
> If someone has access to the machine to steal the password file, they
> can just as easily install a keyboard sniffer, or just brute-force the password
> file's encryption.
While I understand your point, your assertion that it is "just as easy" to
"brute-force the password file's encryption" as it is to navigate to the
appropriate place with UI is wrong.
Easy access to passwords is something that could smack us in the face when
claiming that FF is "more secure" than IE.
While I don't want to have to enter a master password every time I want to access
a secure site, I don't want people to have easy access to my passwords. Having
access to my passwords once they are saved is also important to me. I think that
a good compromise would be to only have to enter the master password to *view*
the passwords. While this would still allow an "attacker" the ability to go to a
site and log in, he would need to know which site you have a saved password for.
The odds of that happening are significantly lower, and the potential payoff
much smaller.
Comment 5•20 years ago
*** Bug 269744 has been marked as a duplicate of this bug. ***
Updated•20 years ago
Summary: importing saved passwords should warn user/give master pwd option → importing saved passwords should warn user/give master password option
Comment 6•20 years ago
Eh, this won't matter when bug 259996 is fixed.
Updated•20 years ago
Summary: importing saved passwords should warn user/give master password option → importing saved passwords should warn user/give master password option (passwords are easily accessible)
Comment 7•20 years ago
*** Bug 271940 has been marked as a duplicate of this bug. ***
Comment 8•20 years ago
Bug 259996 should be a stopgap measure until this bug can be properly fixed.
Component: Migration → Password Manager
Summary: importing saved passwords should warn user/give master password option (passwords are easily accessible) → "View Passwords" feature should require a master password (passwords are easily accessible after importing)
Whiteboard: see comment 4
Comment 9•19 years ago
*** Bug 329597 has been marked as a duplicate of this bug. ***
Comment 10•19 years ago
The average new Firefox user does not set up a master password when they begin to save passwords. This is insecure because ANY computer user can view their passwords in plaintext. This needs to be fixed.
Updated•19 years ago
QA Contact: migration → password.manager
Comment 11•19 years ago
There should also be a 2nd master password ONLY to show the passwords. Nobody wants to enter a password every session, so don't require the 2nd master password to USE passwords, but require the 2nd master password to SHOW the passwords.
Comment 12•19 years ago
*** Bug 320684 has been marked as a duplicate of this bug. ***
Comment 13•18 years ago
As people in other bugs have mentioned, I'd like to see the option of when master passwords are used. Some people want to have to enter the master password once when they start Firefox, some want to enter the master password every time they visit a URL where the password is stored, and some want to only enter a master password when they want to access the store themselves. So why not give users the options? In fact you might want to go further and move the option of entering the master password for certain URLs; say, for your bank logon you might want more protection than your Mozilla account.
Updated•18 years ago
Assignee: bugs → nobody
Comment 14•18 years ago
This bug seems to have strangely mutated.
Vlad's original comment is more about educating the user about master password usage (which would make this a dupe of bug 352692). But later comments and the bug summary talk about prompting for the master password before viewing stored logins.
I'll go with the latter, which means this bug is already fixed. When you set a master password, you're required to enter it before you're able to view stored logins (even if you've previously entered it in the browser session).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 15•18 years ago
Why does the "view passwords" feature even exist? What legitimate reason would a user have to use this feature? 95% of users don't use a master password - this causes a major problem when a "friend" uses their PC.
Comment 16•18 years ago
I actually use "View Passwords" from time to time just to remember an old password I've forgotten (often to allow me to use it in another browser or app). The feature is, imho, quite useful.
Comment 17•18 years ago
Perhaps the "View Passwords" option should be disabled -unless- you've set a Master Password?
Comment 18•18 years ago
Heh, that'll teach me to read the summary.
Comment 19•18 years ago
Excellent idea Brian. Disable "view passwords" unless there is a master password. How can we move forward with your idea (I'm new to bugzilla)?
Comment 20•18 years ago
(In reply to comment #19)
> Excellent idea Brian. Disable "view passwords" unless there is a master
> password. How can we move forward with your idea (I'm new to bugzilla)?
Not so fast. I don't have a master password. I don't leave my laptop unattended or use untrusted networks. I do (too often!) consult my saved passwords, especially for sites that prompt from different or even randomized URLs. Don't break me by forcing me to set a master password, please.
In other words, I disagree that this bug is a bug. Perhaps I'm in a small minority but I doubt it.
Yes, I know passwd security is broken in a number of ways. I still save 'em and benefit from Firefox's memorization, but I need to see them all too often, too.
/be
Comment 21•18 years ago
I think this has been debated to death in some other bug; the current behavior is the result of that. The summary here is kind of confusing, so I've updated it to better reflect what this bug became.
Summary: "View Passwords" feature should require a master password (passwords are easily accessible after importing) → "View Passwords" should prompt for the master password, when used
Comment 22•18 years ago
Seems then that WONTFIX is a better resolution for this bug.
Resolution: FIXED → WONTFIX
Comment 23•18 years ago
(In reply to comment #21)
> I think this has been debated to death in some other bug; the current behavior
> is the result of that. The summary here is kind of confusing, so I've updated
> it to better reflect what this bug became.
Someone please cite that bug.
Sorry if I misread the bug -- I did go by the summary and last few comments.
Don't let me stop y'all from improving password security, password manager site matching, etc.
/be
Comment 24•18 years ago
(In reply to comment #14)
> Vlad's original comment is more about educating the user about master password
> usage (which would make this a dupe of bug 352692).
No, it wouldn't. I've already saved passwords for all the sites I use, in IE, and you've migrated them; I'll never see the save password prompt. *That* is what this bug is about; comments from people who aren't paying attention, and well-meaning but misguided morphing aside, this bug is about one and only one thing, the case where we migrate passwords from another program without telling the user that anyone who touches the computer will be able to see them in the clear, without having to install any programs or copy any files, unless they set a master password. Personally, I'm not going to bother fixing it, so I won't bother to refile it, but this is a Migration bug about having another wizard pane that offers to set a master password, and explains why you might want to do so.
Brendan: "some other bug" is almost certainly bug 259996, where comments 15-19 were considered and wontfixed long ago.
Comment 25•17 years ago
Gavin, this bug is resolved "wontfix", yet the feature seems to be implemented.
What's up with that?
Comment 26•17 years ago
(In reply to comment #25)
> Gavin, this bug is resolved "wontfix", yet the feature seems to be implemented.
> What's up with that?
No idea. dolske changed the summary, and crowder changed the resolution, perhaps you should ask them.
(I'm assuming by "the feature" you mean the behavior described in the current summary, and not the feature described in comment 0 - that certainly isn't yet implemented.)
Assignee
Updated•17 years ago
Product: Firefox → Toolkit
Comment 28•15 years ago
Based on the current summary this is "FIXED" rather than "WONTFIX".
From comment 0
> people who come from IE are probably not aware that their passwords are
> stored in a way that's trivial to crack. We let them know the first time
> they save a password with firefox already, just not if we import.
We did in the Mozilla Suite, but not in Firefox. Most Firefox users have a wide-open password store.
Resolution: WONTFIX → FIXED
See Also: → https://launchpad.net/bugs/25019