Open
Bug 401207
Opened 17 years ago
Updated 2 years ago
Add a "Reset Master Password" button to the "Change Master Password" dialog
Categories
(Toolkit :: Password Manager, enhancement, P3)
Toolkit
Password Manager
Tracking
()
NEW
People
(Reporter: reed, Unassigned)
References
(Blocks 3 open bugs, )
Details
(Keywords: uiwanted, Whiteboard: [passwords:master-password] [passwords:primary-password])
Currently, the only way to reset the master password (and, therefore, clear all passwords to start anew) is to go to chrome://pippki/content/resetpassword.xul. There is no UI linking to this page that I can find. I think a simple "Reset Master Password" button added to the left side of the "Change Master Password" dialog would work well. I will copy over the pippki version to toolkit as resetmp to be with its neighbors changemp and removemp.
|
||
Comment 1•17 years ago
|
||
This appears to have been WONTFIXed in bug 270331, although I'm not sure I understand the rationale.
|
||
Comment 2•17 years ago
|
||
Wouldn't the rationale be that people who have a Master Password set are concerned about people who can access their machine, and therefore those people wouldn't want others to have the ability to wipe their passwords?
|
||
Comment 3•17 years ago
|
||
I don't think the intention of a master password is to prevent data deletion. At best that would be a hack, since they could just delete signons2.txt and key3.db from the profile manually. However, I might buy an argument that bug 385951 blocks fixing this bug, as a 3rd party could be tempted to click an easy-to-find "Reset MP" button to avoid the nagging master password prompt.
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
|
||
Comment 4•16 years ago
|
||
If the problem is that people are concerned with what an external link or 3rd party app might do unintentionally, what is wrong with throwing up a dialog box saying "You are about to remove your master password, including all information protected by it - passwords, certificates, etc.". This isn't something a user will do often or lightly, so there is little or no probability of getting into a dialog-box click fatigue. However, making this so that you have to be a computer expert just because you forgot a password (although not mutually exclusive, that is a mighty small subset of the total) is downright counter intuitive, and certainly not practical.
Flags: blocking-thunderbird3?
|
||
Comment 5•16 years ago
|
||
wouldn't block on this; blocking‑thunderbird3-
Flags: blocking-thunderbird3? → blocking-thunderbird3-
|
Reporter | |
Updated•16 years ago
|
Assignee: reed → nobody
|
||
Comment 6•15 years ago
|
||
Isn't this sufficiently done with the checkbox in the preferences pane? Simply uncheck the "Use a master password" checkbox to reset your master password, and then it prompts for your current password before it actually resets it.
|
|
||
Comment 7•15 years ago
|
||
That doesn't work as a practical matter because this is an issue where the current password has been forgotten/unavailable - if you knew the password, you wouldn't need to clear it, you would just change it (or leave it removed).
|
||
Updated•9 years ago
|
Blocks: masterpassword
Component: Password Manager → Security: PSM
Flags: blocking-thunderbird3-
Product: Toolkit → Core
Whiteboard: [psm-backlog]
I think this belongs in the password manager. Note that we're currently advising users in this situation to visit a chrome:// url to reset their password: https://support.mozilla.org/en-US/kb/reset-your-master-password-if-you-forgot-it
Component: Security: PSM → Password Manager
Product: Core → Toolkit
Whiteboard: [psm-backlog]
|
|
||
Comment 9•7 years ago
|
||
The dialog being referred to isn't part of password manager though as MP is about more than just password manager encryption. https://dxr.mozilla.org/mozilla-central/search?q=setPassword.meter.label
Flags: needinfo?(dkeeler)
I guess what I meant was it seems like we should have some sort of (more discoverable) UI for the case where the user forgets their master password, rather than telling people to manually visit a chrome:// url.
Flags: needinfo?(dkeeler)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #10) > I guess what I meant was it seems like we should have some sort of (more > discoverable) UI for the case where the user forgets their master password, > rather than telling people to manually visit a chrome:// url. ... and that that UI should probably be near about:preferences -> Security -> Logins -> "Use a master password", since I imagine that's where most users encounter that situation.
|
|
||
Updated•6 years ago
|
Priority: -- → P4
Whiteboard: [passwords:master-password]
|
||
Updated•3 years ago
|
Severity: normal → --
Priority: P4 → P3
Whiteboard: [passwords:master-password] → [passwords:master-password] [passwords:primary-password]
|
||
Updated•2 years ago
|
Blocks: primary-password
You need to log in
before you can comment on or make changes to this bug.
Description
•