Closed Bug 26094 Opened 25 years ago Closed 25 years ago

"Remember" checkbox in password dialog is always checked

Categories

(Toolkit :: Form Manager, defect, P3)

Product:
Toolkit
Component:
Form Manager
Platform:
x86
Other
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: phil, Unassigned)

References

Details

I don't want to remember my mail password, so when the single-sign-on password
dialog comes up, I uncheck the checkbox. The problem is that it doesn't remember
this setting, and I have to uncheck it every time I log in to the mail server.

Nominating for beta1
Keywords: beta1
There are several choices here.

1. Always have the dialog come up with the box unchecked.  The user who wants to 
use the feature can do the extra work of checking it.  The users who abhore the 
feature as a threat to their privacy need do nothing special.

2. Always initialize the checkbox to the last value it had when the user pressed 
OK.  This last value will be remembered globally.

3. Remember the last value used for each site and use that as the initial value 
when you return to the site.

I think that 3 is the most desirable from the UI perspective, but also involves 
the most amount of work at this time.  Therefore I advocating with doing 1 at 
this time.  Any other thoughts?
Status: NEW → ASSIGNED
Target Milestone: M14
Actually we have the same issue with the cookie nag box which contains the 
checkbox "remember this decision."  In that case we globally remember the last 
value of the checkbox and initialize to that value the next time the dialog 
comes up.

So perhaps we should be consistent and do the same thing here.  That would be 
solution #2 in my list above.  Any objections to doing that?

Either 1 or 2 are trivial for me to implement.  Choice 3 requires real work on 
my part.
If this control were always visible, then 3 would be the only right choice, but
I don't see why we need to complicate this simple dialog with a control that
will typically be used once by people who want the feature, and zero times by
the rest of us.  #1 will be wrong for people who use autofill, and expect it to
be checked, indicating that their password is being saved.  #2 will be wrong
when you have multiple accounts with different settings. Ease of implementation
should not be a consideration. Given the sensitivity of security issues, why
have this if we can't do it right?
BTW, I strongly object to the opt-out approach. I expect that passwords will not
be stored unless I explicitly enable it.

I take it from your comment that you are one of the people who will use it 0 
time.  :-(

This control will be used more than once by people who want the feature.  Every 
time you visit a new site for which you want to save your password, you need to 
have the box checked.  You can't eliminate the box -- it is the ONLY ui that 
users have for using the feature.

I disagree that ease of implementation should not be a consideration.

None of the three solution above are opt-out.
I'm happy if either (1) the default value of the Remember checkbox is unchecked
or (2) it remembers the last setting I made.

*** Bug 26123 has been marked as a duplicate of this bug. ***
Solution 1 just checked in
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Thanks, I should have said once per password-protected entity. Yes, I'll be
satisfied if this feature has zero effect on me, and I'll leave it to real users
of the feature to evaluate option 1. The opt-out was a reference to your initial
checked default.

verified on mac, linux and winNT using opt comm bits 2000022808.
Status: RESOLVED → VERIFIED
Assignee: morse → nobody
Product: Core → Toolkit
QA Contact: bugzilla → form.manager
Target Milestone: M14 → ---
Version: Trunk → unspecified
You need to log in before you can comment on or make changes to this bug.