User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; sv; rv:184.108.40.206) Gecko/20070501 Camino/1.5 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; sv; rv:220.127.116.11) Gecko/20070501 Camino/1.5 When I am asked if I want to update a saved Keychain password, after submitting a form, the default option is to update the password. This makes it very easy to update the password by mistake. The default button should be to keep the old password. Reproducible: Always
Assignee: dveditz → nobody
Component: Security → OS Integration
QA Contact: camino → os.integration
The default should be the action that is most commonly the correct action. What's the argument that people would want to keep an old password, which presumably doesn't work anymore, rather than the updated password? (If this is specifically about logging in with a completely different account, then it's a WONTFIX in favor of adding the ability to store multiple accounts per site, which is already filed)
Markus, can you respond to Stuart's comment? I tend to think this is a WONTFIX, too; the only reason right now I don't want to update a changed password is bug 178607.
Hmm, I haven't seen bug 178607 before, it seems like that one would fix most of the cases of accidentally saving a new password (e.g. multiple users/accounts in one browser session.)
Closing WONTFIX then.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → VERIFIED
This bug came out of a discussion with Markus, so I'll just clarify. If you find this case valid, I can file a new bug about it. As far as I can see, bug 178607 is only relevant if you access foo.bar.com and it will ask you to update the previously saved password for baz.bar.com (even though the subdomain is different). This bug as I understand it, was about another situation: 1. I use Markus computer to log into facebook 2. Camino asks if I want to update the previously saved password (which is Markus' password). Of course I don't want to, because that would add my password to his keychain! I've noticed many friends save their passwords in my keychain because of this usability bug. I think the wording can be easily improved in the dialog that asks if you want to save the password. For example, I think the confirm button should be something like "Save this password" (it's something less clear right now). But the real question is: why does Camino ask to save the password even if our login names are different in the form? (Is this what the bug you're referring to is really about?)
Stuart, Smokey: see comment 5
(In reply to comment #5) > 2. Camino asks if I want to update the previously saved password (which is > Markus' password). It won't once bug 178607 is fixed, because the username doesn't match. Your characterization of bug 178607 is not correct.
You need to log in before you can comment on or make changes to this bug.