Closed
Bug 381406
Opened 18 years ago
Closed 18 years ago
Firefox stores unencrypted passwords without warning user, and suggesting setting a master password
Categories
(Toolkit :: Password Manager, defect)
Toolkit
Password Manager
Tracking
()
RESOLVED
DUPLICATE
of bug 352692
People
(Reporter: christopher.giffard, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)
Firefox will happily store unencrypted passwords without warning the user that they are plainly viewable in the password manager, unless a master password has been set.
It is irresponsible to assume that users know their passwords are stored as plaintext without a master password, and how to set one - I know software developers who had no idea how firefox handled their passwords.
Reproducible: Always
Steps to Reproduce:
1. Type a password/username combination into a web form and submit it.
2. If firefox is set to ask users whether to remember their passwords, the default 'Would you like firefox to remember this password' will appear.
Actual Results:
The dialog does not contain any sensible security information about how the passwords are treated, nor does it prompt the user to input a master password.
Expected Results:
The dialog should contain some information about how passwords are stored, and information about how to set a master password, as well as some kind of shortcut button which will open the security section of the preferences dialog.
|
||
Comment 1•18 years ago
|
||
A lot of people don't want a master password and want easy access.
But maybe there should be more information the first time the dialog is shown. Although most people don't read the contents of unexpected pop-ups, they just want to go on.
I think this bug could be a duplicate.
Whiteboard: [DUPEME]
|
|
||
Updated•18 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Whiteboard: [DUPEME]
|
Reporter | |
Comment 3•18 years ago
|
||
(In reply to comment #1)
> A lot of people don't want a master password and want easy access.
> But maybe there should be more information the first time the dialog is shown.
> Although most people don't read the contents of unexpected pop-ups, they just
> want to go on.
> I think this bug could be a duplicate.
>
I appreciate that it is a duplicate, but I do think it is a SERIOUS problem which does matter - maybe not for x million people, but for a significant proportion of people for it to be an addressable issue.
|
|
||
Comment 4•18 years ago
|
||
There is always a certain discrepancy between safety and convenience and therefore it is a difficult choice. The best place to store your important (banking etc.) passwords is in your personal memory only, also very important is to secure a wireless network and to update your security (antivirus) software frequently.
Bug 352692 has the status NEW so that doesn't exclude a fix. You can take your vote away here and put it on the other bug. :)
|
Assignee | |
Updated•17 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•