In both the Firefox 1.5 and 2.0 branches, you can view saved passwords even when no Master Password is set. This "feature" has been discussed in various online forums. For example, http://digg.com/security/Firefox_saved_passwords_for_all_to_see. It is also a security concern for many corporate IT administrators. There is actually nothing wrong with the design of Firefox itself. It is fairly secure as long as a Master Password is set. However, not everybody knows how important it is to use a Master Password. With more and more people visiting on-line banking and other secure sites, the consequence of accidentally revealing the password is potentially damaging. After all, the password is displayed in clear text. I posted a message in the mozilla.dev.apps.firefox group regarding this issue a week ago but did not receive any response from the XUL/Toolkit development team. I am creating a bug on this item for lack of a better place to discuss this issue. A not so intrusive way of fixing the problem is 1) disable the "show password" feature in the Password Manager if a Master Password is not set, 2) when a Master Password is created, old signons are automatically removed. Attached is a patch for the Firefox 1.5 branch that implements the above. The patch is just a proof-of-concept to facilitate discussion. My goal is to have a solution that will work for everybody. The sensible solution, I believe, is to educate the regular user who uses the Password Manager feature to set up a Master Password.
A message that discusses this patch is also posted to mozilla.dev.apps.firefox.
The original discussion thread: http://groups.google.com/group/mozilla.dev.apps.firefox/browse_thread/thread/ee8678848bec5a08/ (Contains my arguments for why I believe this should be WONTFIX)
This was already decided to be a WONTFIX in bug 259996 comment 24 (and 25)
*** This bug has been marked as a duplicate of 259996 ***
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
NONONONONO. :-). Please don't do anything like this. It might be OK to pop up a *warning* and let the user go ahead, but that doesn't solve anything. The first thing you might want to do is ask: what's the *real* problem you're trying to solve? If the user is dumb^h^h^h^hunconcerned enough to not protect their passwords, why do you want to go behind their back and ram security down their throats? And I, for one, damn well both want to leave the master password off, *and* see what 357 different passwords I have had to create for all the websites I visit, because of their stupidly different and bizarre password restrictions. Most of these are passwords that I DON'T care if someone sees, but I need them in order to access those sites. The best thing to do is just to warn users the first time they save a password without a master password, and if they insist, then just shut up afterwards, and try not to be a nagging nanny.
(In reply to comment #4)
> This was already decided to be a WONTFIX in bug 259996 comment 24 (and 25)
Thanks, and let's keep it that way.