Closed Bug 362580 Opened 18 years ago Closed 17 years ago

Better Security, Password Management and Anti-phishing Technology.

Categories

(Toolkit :: Password Manager, enhancement)

1.8 Branch
x86
Windows XP
enhancement
Not set
normal

Tracking

()

VERIFIED WONTFIX

People

(Reporter: BijuMailList, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(4 files)

There are method to improve online security like bug 361915 but it needs co-operation from webmaster. so mean while we could try to improve security by minor changes in browser. Here is my suggestion * Implement Domain Verification Code (DVC). - an new method to improve Anti-phishing Technology. * Dont push user to save password in browser PM. - we know with out MasterPassword PM is not secure. - So why we drag user to do password save? * CapsLock ON indicator - How many times you may have type Password with CapsLock ON - And wondered what happened? Let me load my slides as attachment
Attached image login_presave.png
Attached image passoptions.png
Attached image login_postsave.png
Attached file passoptions.xul
AFAIK most people dont use browser PM to store Bank Uid/Password Also current Anti-phishing Technology can only identify a Phishing site if somebody reported it. So how do user quickly find/ensure, the login form where he reached is a phishing site or genuine site where he already registered? There is a way to do that. Credit card companies use "Card Security Code" or commonly know as CVC2 (aka CVV2) code http://en.wikipedia.org/wiki/Card_Security_Code to improve online security. this a special code, ie a 3 or 4 digit number the banker has given for a card when issued The proposed "Domain Verification Code (DVC)" is something similar (PS: the name can be changed if it is too techie) ie, a code given by a user to a site, which he only know. eg:- I may give all my bank sites code 911 for all wiki sites 411 all web mail sites 611 This code will appear in background at the end of form password field. There is now way the web server/page can read this code user may also choose a preferred color/bgcolor for the code Here is how it should appear to user Scenario 1: a new login for this browser * Say he want to login first time at https://www.google.com/accounts/ * User see page like login_presave.png attachment 247257 [details] ie, - if CapsLock is ON there is an indicator - there is a "save" Icon at the end of password field. * User enter uid/password * Click password field's "save" Icon. (only if he wish to configure save PM or DVC) * user see passoptions.png, attachment 247258 [details] * configure options, if he need to save password he do that too * create DVC if he wish, say "7890" with red in yellow bgcolor * and close passoption screen * now the form field changes to accommodate his change see login_postsave.png attachment 247259 [details] * and he submit the form * for the case user did not used passoptions screen PM will also never prompt to save password. Scenario 2: user return to login page after already saved password * User see page like login_postsave.png attachment 247259 [details] - DVC appear as "7890" with red in yellow bgcolor - user feel confident about the site, and proceed login Scenario 3: user return to login page, after configuring DVC, but not saved password * user see - DVC appear as "7890" with red in yellow bgcolor - uid/Password is blank Scenario 4: user return to login page, after not saving pwd or config DVC * it appears as if Scenario 1 I have also attached a demo passoption screen see passoptions.xul attachment 247260 [details]
Severity: normal → enhancement
Caps lock stuff is bug 259059. Please try to keep bugs focused on a single issue.
Depends on: 259059
I agree about the password options. The more options, the more able the user will be able to keep their passwords safe, as shown in bug 360493. I'm all for this enhancement, with all the hype going around about needed restrictions for PM.
First off, this bug is way too general and non-specific. In the future, as Jesse said in comment #6, please keep the scope of a bug as narrow as possible. That said, the proposal mockup in attachment 247258 [details] isn't something I can ever see us implementing as a default. A popup window with a dozen things to select from is extremely confusing. This kind of thing might be useful as an extension for those who want the extra control, though.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Yikes. Go google on "paralysis of choice" for many explanations of why this would be dead wrong as a default.
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: