Closed Bug 446537 Opened 16 years ago Closed 16 years ago

Show password should be disabled if no master password is set

Categories

(Firefox :: Security, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 259996

People

(Reporter: liyufx, Unassigned)

Details

(Keywords: privacy)

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1

Right now in the "saved password" dialog, a user can choose to show passwords. If there is no master password set, the user can simply click "OK" and all passwords are visible in clear text. This is a HUGE security hole. If a user does not know about this, and he leaves his computer unattended for 5 minutes, anyone could walk up to the machine and get all his saved passwords, no questions asked. This feature should always require a master password, and should be disabled until a master password is set.

Reproducible: Always

That is bug 259996 basically.
Probably revisiting?

unhiding bug, this is a known issue (yes, bug 259996). There's a userChrome.css fix for individuals who care (bug 259996 comment 22), but that doesn't help the public at large (not tested in FF3, might require small tweaks to the selector at most)

CC'in johnath for UI thinking, mconnor because he WONTFIXed it last time.

To recap the older bug:

- this is not a security hole, huge or otherwise. If you're not using a master password your passwords are vulnerable. If your machine is secure then no worries. If your machine is not secure then anyone who knows what they're doing can easily slurp your passwords with a few commands.

- this definitely lowers the bar for such slurping however -- you don't have to find the profile directory or know what filename to look for. Some argue that's a _good_ thing in so far as it encourages people to set up a master password and actually protect their passwords. Others, like this reporter, are horrified.

- we do a LOUSY job of educating users that the master password exists, let alone why they need to use one.

The original Mozilla-suite had a big explanatory dialog the first time you tried to save a password that explained that passwords were not safe unless you set up a master password. It was ugly though, and Firefox did away with it.

Here's an alternate proposal: the password infobar can include a warning that passwords are not protected each time you save a password and don't have a master password. The warning would be a link that takes people to the "set a master password" pref pane or maybe the help for the feature.

Would that work? Do we have space? Would it be too scary to say "/!\ Passwords not secure"? (yeah, then people just won't save passwords).

"/!\ Protect your passwords" ?
Group: security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: privacy
Given the danger, I would argue that FF should make the master password mandatory if people start to use the "save password" feature. It is probably going to be ugly and a bit of a hassle to use the first time, but I think the security concern overrules the usability issue. There might be the problem of people forgetting the master password; I think that could be solved by allowing people to reset the master password without knowing the previous one, but destroying all saved passwords while resetting.
This is a dup of bug 259996.  See also bug 352692, "Inform users that saved passwords are not encrypted/secure (when master password is not used)".
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE