Closed Bug 461455 Opened 15 years ago Closed 9 years ago

Master password prompt is a modal dialog


(Firefox :: Security, enhancement)

Not set





(Reporter: theprash, Unassigned)


(Blocks 1 open bug)


(Keywords: uiwanted)


(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-GB; rv: Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv: Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3

Firefox has made good progress in making password saving work with a drop-down bar rather. Not just because the modal dialog was impractical. It was also annoying. The modal dialog that informed you that a server wasn't responding was also removed. Again, because it was annoying. Using these as a precedent I'm going to put forward the following as a bug rather than a feature request.

When asked for the master password a modal dialog box pops up and interrupts your surfing experience when you don't necessarily want to use it. For example, the following instances:

1) If you don't want to log in to a site but there is a log-in form in the corner of the front page.

2) If other people are using your computer and they want to log in to their account and not yours. (For me, one of the reasons that the master password exists is so you can let friends use your computers without worrying.)

Of course, the trade off is that using the master password would require an extra click but this is not a big deal since you do not need to do this many times. (As a side note, developers should go through every modal dialog in Firefox and ask themselves if it's absolutely necessary that they are modal and that they exist. Having said that, the only other ones I can think of that still are exist are security warnings and are fairly important.)

Hopefully, this will be easy to implement if there is a very standard way to call upon those slide-down bars. I don't know what they're called.

Reproducible: Always

Steps to Reproduce:
1. Save a password for a website.
2. Activate the master password feature.
3. Visit the site's log-in page, without the intention of using the saved password.
Actual Results:  
A useless modal dialog appears, that won't let you do anything until you click cancel or press escape.

Expected Results:  
An unobtrusive bar slides down at the top of the browser asking if you would like to enter the master password, with a button to click on to do so.
Your "one extra click" becomes a big burden if it's one extra click
each time the MP is needed.  

You apparently have your master password usage set to ask you only once
per browser process lifetime.  But other people have their master passwords
set to ask them when it is needed after N minutes of not being used 
(where N is user settable, and can be effectively 0, meaning ask every time
it is needed).  

Having master passwords "time out" after a few minutes of inactivity is 
considered more secure, like like a screen saver password.  If you walk away 
from your system, you don't have to worry so much about someone using it as 
if they were you.  

FF should not make MP's unusable for users who take their security more 
Severity: normal → enhancement
However, the number of people who use master passwords is likely to be greater than the number of people that time out their master passwords, since the former is visible in Preferences and the latter is functionality added by an extension as far as I can tell.

Perhaps an about:config setting could switch between modal and unobtrusive. Or perhaps since it only affects those using an extension, the extension itself should deal with the problem you mention. This issue really does kill the user experience for someone using another person's profile. For most normal people with shared usage of a computer, this is a common situation.
Nope.  No extension required. Standard part of FF and SM.
In SM, the preference panel for master passwords has all that config.
In FF, it's configured through about:config.
There are also extensions that will manipulate the prefs, but the code 
underlying the prefs is standard base product.
OK. Standard but hidden in advanced preferences. So the point about the number of people using it is still valid. i.e. it is likely that out of the people using master passwords more of them don't use a time out.

And is it really that relevant what SeaMonkey does? From its website, it seems that mozilla just provide hosting and legal backing. Are they obliged to take on every change made in Firefox? I have never used so I don't know the extent of the similarity.

Anyway, all this is a bit besides the point in my opinion. Even for me, the modal dialog is more often useful than not (and I close my browser whenever I'm not using it). But when it's useful it's slightly more convenient than my suggested alternative. When it's not useful I find it incredibly irritating. One click and then typing a master password is still much easier than remembering and typing all of your usernames and passwords until you leave Firefox idle. So my proposed change would not make master passwords "unusable" as you put it.

I have also left out another situation where the modal dialog gets in the way. When you're waiting for a passworded site to finish loading and switch to another tab, when the first tab finishes loading you're hit in the face with an obstruction. I accept, though, that this is uncommon.
> Are they obliged to take on every change made in Firefox?

They are forced to.  They share a large amount of code in common with FF.
When FF changes that common code, so that it no longer can function as it
did before, they are often left with something that is unsatisfactory to 
their users.
In my opinion, if this is implemented it must be a setting. I like the modal dialog behavior. 99% of the time I want to enter my password, so having to do an extra click would become annoying for me.
I completely agree with Allen. Moreover, I want to have *one* prompt even when several windows may be wanting the password (see bug 117175), implementing this RFE would make the situation with having multiple prompts even worse.
I also support the ideal of no modal interrupts ever as it does interrupt my work flow and this is one of the ones that I find particularly annoying. Contrary to what Aleksey says, I believe that it's this bug that makes the "*one* prompt even when several windows may be wanting the password" bug worse.

@Aleksey, the bug you pointed to appears to be the wrong one.
Please excuse the poor quality of this illustration.
I'd like to request a non-modal master password UI as well.

There's lots of evidence that modal dialogs are best avoided because they get in the user's way. I've personally struggled with the master password dialog when I'm opening my browser to quickly show something to someone and _don't_ want to enter my credentials. Also, friends and family using my browser to quickly look up something tend to get very annoyed by the dialog.

Looking at some of the calls to keep the current UI as it is, it came to my mind that the main problem appears to be that Firefox can currently show a non-modal UI per-tab ( as a panel above the tab, for example ) but it cannot show app-level non-modal UI easily.

Ideally, I'd like to see something like this screenshot ( ) in the future, especially now that it's being reported that reducing modal dialogs is a goal for Firefox 4.
Totally agree. Currently the number of sites that prompt me for the master password is rising exponentially due to the embedding of the facebook-like and flattr-buttons (thus this should probably marked as a bug as it is getting more and more annoying).

In case a website (and not an addon) requests the master password, I would propose to have a "slide in" at the top of the page, just like the "Do you want Firefox to remember this password" "slide-in". The slide-in could either have an text-field for the user to enter the password or in case this may be considered insecure (as an addon could listen to the key-events) it could just have a button to open up the master password dialog.

Bug 534056 and Bug 546906 relate to this bug. Bug 534056 is especially interesting as it proposes to consider the user intentions. maybe the dialog should only appear, when the user hovers with the mouse over the login fields or sets the focus in it via key. this should probably be just an option.

Blocks: 616843
It would be particularly nice if one could continue to switch tabs while a particular tab shows such a prompt. So, if tabs A and C want the master password while tab B doesn't, I should see the prompt if I activate A or C, but I should be able to use tab B without cancelling this prompt. Additionally, for slow-loading pages, a background tab must not get activated automatically just to show the prompt.

Added to my list of window-modal dialogs that should not be window-modal (bug 616843).
Ever confirmed: true
Blocks: 59314
I agree with André, the "remember password for this site" callout reuse would be a consistent and not obstructive way to show the master password dialog (which should only be shown on pr tab basis, Bug 513534).

The current behavior in 4.0 beta 9 drives me nuts, as I have several pinned tabs with login forms in my session.
No longer blocks: 59314
While I agree with comment 11, I find this idea very amusing because if it is ever implemented, it will combine with bug 560793 to cause a crash (or is it possible for some system-modal dialogs to be "more modal" than others? :)
I'd like to see this as well.  Sync/Weave syncing makes the master password prompt come up just when I'm 50% through entering my first URL after opening the browser first thing in the morning.  Drives me batty when I realize 1/2 the URL went into the password dialog instead of where it belonged.

I can see the point about people who don't want the extra click, so I think an option would be worth it to keep the older modal standard.
Comment 17 raises a different point -- namely, dialogs that steal focus, especially by surprise, are a bad thing.

I would like to see a command-line option that causes the password dialog to be the first thing that appears when Mozilla runs.  Then again, certain Mozilla developers seem to enjoy cavalierly disabling features for Windows users, and have done so with ALL command-line arguments; see bug 355889 comments #12 and #15.
Weave/Sync periodically attempts to synchronize with the server and prompts for the master password.  This is a modal prompt that interrupts *any* application on the computer (Mac OS X), even if it's not FF.  The prompt floats above all other applications, and by dismissing it, it changes the active application to Firefox.  This interrupts workflow in other applications.

Following comment #1, I am a user who takes my security seriously, am I have my master password time out after a period of Firefox inactivity, so these prompts appear at annoying intervals and interrupt work in any other application.
Whiteboard: [defect] p=0
No longer blocks: fxdesktopbacklog
Flags: firefox-backlog+
Whiteboard: [defect] p=0 → p=0
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Closed: 9 years ago
Resolution: --- → WONTFIX
Is there going to be any other kind of protection for the password database?
I use master password on each computer too, because I want to store my passwords encrypted. 

Justin Dolske, can you describe in more detail what you mean by "we don't want to further develop the existing master password functionality"?

Will Firefox master password be replaced by some other encryption system?
Maybe we should simply push for the existing master-password mechanism to be ported to the Autofill add-on.  About half the passwords I use on web sites have to be saved using Autofill already, because FF's password mechanism doesn't recognize the fields as passwords.  Example:
John, isn't that the general password mechanism you are referring to instead of the master pw specifics?
I also wouldn't recommend to port the master password mechanism to a plugin - I tell people that it's one of FF's great build in features.
Maybe this discussion should get moved to a Google group?
(In reply to John David Galt from comment #26)
> About half the passwords I use on web sites have to be saved using Autofill already, because FF's password mechanism doesn't recognize the fields as passwords.  Example:

Please file bugs on each site where the password manager doesn't let you autocomplete with the dropdown (it's a known issue that autofill doesn't work if the page sets autocomplete=off) so we can fix them. I filed bug 1120130 for you.
Whiteboard: p=0
You need to log in before you can comment on or make changes to this bug.