Closed Bug 492509 Opened 16 years ago Closed 10 years ago

Allow passwords to opt-out of Master Password when MPW use required for certificates

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: sylvain.prat, Unassigned)

References

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) Using a master password is quite annoying when using firefox daily since firefox asks a password each time it is started, something I do all day long. So, I would like to avoid using a master password for regular, normal use. However, I must keep it enabled to protect my personal certificate (when I need to sign/encrypt some emails), or they may be comprised and used by someone else so easily. What I would prefer is having a master password to protect my certificates, but no master password for regular use (internet surfing). So, I would really love having an option to choose where the master password will apply : filling forms/passwords, accessing/using certificates... Is that conceivable? Reproducible: Always
It's conceivable, but keep in mind that means your passwords are stored unencrypted on your computer. If you think your computer is secure then you could just use a blank or single character master password. It is not an option to skip the master password when using user certificates. Cryptographically secure certificates must be stored encrypted. I wouldn't get your hopes up that this enhancement will be made, but it's a valid request.
Status: UNCONFIRMED → NEW
Component: Security → Password Manager
Ever confirmed: true
Product: Firefox → Toolkit
QA Contact: firefox → password.manager
Summary: Master Password options, to protect certificates only → Allow passwords to opt-out of Master Password when MPW use required for certificates
There's some related discussion in bug 322617. I would like to split apart the password manager's concept of a "master password" from the NSS/PSM concept (used to protect access to a security token and the certificates stored on it). But it's tricky from both a technical and policy/UI point of view.
OS: Windows XP → All
Hardware: x86 → All
Blocks: 534444
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.