Password Manager should not be automatic, they should be manual.




12 years ago
11 years ago


(Reporter: number15, Unassigned)


1.8 Branch
Windows XP

Firefox Tracking Flags

(Not tracked)




12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070914 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070914 Firefox/

1. Most user have no idea what password manager is.
Prove: Let your friends and family use your computer. Sooner or later you will be able to check one of their e-mail. 

2. "Most of us" have less than 20 passwords for websites.
Prove: 1 Gmail account, 1 Hotmail account, 1 Yahoo account, 1 CNet/, 1 Flickr account, 1 Friendster account, 1 MySpace account, 1 Mozzila account, and 13 other accounts.

There is more to lose than to win by having automatic password set. Anyone who want to do automatic password reminder should do it manually on the setting. I had one guy who work at an internet cafe and he had no idea why after login out his e-mail sometimes he can still go back to his e-mail. More of us who know what password manager is, know how to get to Tools, Options. Most who don't know what password manager is, doesn't even know "Option or Preference" existed in every software's menu.

At least, please don't put password manager to remember our password at default. That is Convenience over Security.

Reproducible: Always

Steps to Reproduce:
1.Install Firefox 2.0
2.Enter a website with password.
3.Not knowing what Password Manager is.

Comment 1

12 years ago
not sensitive or major.
Group: security
Severity: major → enhancement


12 years ago
Version: unspecified → 2.0 Branch
Isn't this solved by the password manager changes Dolske has made for Firefox 3?

For Firefox 2 users the "Secure Login" add-on might offer some protection, but you'd have to install it exlicitly which might help you but not people in general (
Password Manager does not save passwords by default. In order to save a login, the user has to make a non-default choice. For example, the default choice on the "save this login?" prompt is "Not Now." For HTTP logins the checkbox to remember the login is not checked by default.

An internet cafe should disable password manager, along with not remembering cookies (and all the other privacy-sensitive settings, for that matter). Sites like Gmail and Yahoo can log you back in via cookies without ever invoking the password manager.

The vast majority of users are not in internet cafes, so it doesn't make sense to disable these things in the default install.
Last Resolved: 12 years ago
Resolution: --- → INVALID


11 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.