Closed Bug 297345 Opened 20 years ago Closed 20 years ago

Https password remembering && offering

Categories

(Firefox :: Security, defect)

x86
Linux
defect
Not set
minor

RESOLVED WONTFIX

People

(Reporter: kulminaator, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)

Firefox offers to remember passwords on https sites, which very often are bank
sites and other financially critical secure sites. The https password
remembering should be offered as a special by-default-disabled feature and not
be forced on all the users. This makes the browser just semi-unsecure to new
users who are used to Internet Explorer and click yes&next everywhere.

I know that we can't make all yes&next places safe, but this is only one choicebox
to check for users that want https stuff remembered and a safe guarantee that
new Firefox users don't let their browser remember significant users and passwords!

Reproducible: Always

Steps to Reproduce:
1. Visit an https site

Might be a duplicate of Bug 263532
If someone gains control of your PC in such a way as to be able to steal these
stored passwords, they're just as equally capable of installing a keylogger to
steal your passwords even if you type them every time.

This broke, briefly, in the pre-1.0 days and many users flipped.  Disabling
something IE does (and that we can do more securely with a master password and
an encrypted local store) just isn't going to happen.  Sites that want to
control this can use autocomplete="off" same as with IE.

WONTFIX.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX