Closed Bug 397143 Opened 17 years ago Closed 17 years ago

Saved passwords delete without confirmation

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: k_tothe_amil, Unassigned)

References

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Build Identifier: 2.0.0.7

I was drinking a bit and forgot a password to a site that I use that doesn't auto-login. When I showed passwords, I pressed R by accident, instead of my msn window, and it deleted a crapload of my passwords!!!!!!!!!!  I couldn't restore them any which way I tried!!!  There really should be a confirmation for EACH deletion!!! 

Reproducible: Always

Steps to Reproduce:
1.Open Passwords list
2.Show passwords
3.Press R
Actual Results:  
Deleted my damn saved passwords!!!

Expected Results:  
Ask for a confirmation or something!!!
I think this issue was already dealt with in bug 266945, which added a confirmation prompt to the "Remove All" button (but not the button to remove just one). While accidently deleting a password is kind of sucky, so is clicking "ok" every time you intentionally want to delete a password.

CCing a couple UX folks to verify this is what we should do (or reopen if it isn't), since 266945 isn't exactly crystal clear about this.
Severity: critical → normal
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
I agree with dolske here - the big catastrophe, deleting all saved passwords with one errant keypress, needed to be trapped, but mucking about in your password manager is already playing with some amount of fire.  Deleting a password is an annoyance (more or less, depending on whether you actually remember the password) but for that percentage of users sophisticated enough to find and want to manipulate their passwords in the first place, dialog boxing every deletion would be a pretty big pain.
Product: Firefox → Toolkit
A solution could be to make such a confirmation optional with about:config.
I would like this issue to be opened again and worked upon.

I just had a similar mishap: I was setting up a new mobile phone, so I had to look up a lot of passwords from FF's pwd mgr. In order to "mark" the line with the password to be entered I clicked on it, so that the whole line was hilited.

When I was done entering the password I wanted to look up the next account, so I hit "Backspace" on my Mac to supposedly delete the filter pattern in the "Search:" text field at the top of the password manager. But I forgot that a line in the list of saved passwords had the focus, so hitting "Backspace" actually deleted a saved password WITHOUT any confirmation.

This is a really bad thing. Before actually deleting something you should prompt the user for confirmation. For people who think they actually ALWAYS know what they're doing there's always the possibility to have a "Never ask me again" checkbox.

So, regardless how you delete, be it with the "Remove" or "Remove All" pushbutton or with the keyboard, by default you should ALWAYS ask for confirmation.

Thanks very much for considering this, in the hope that we save many people from inadvertently deleting their precious credentials.
You need to log in before you can comment on or make changes to this bug.