Allow me to enter the Master Password Once for multiple sessions, then expire after set time period

RESOLVED WONTFIX

Status

()

--
enhancement
RESOLVED WONTFIX
9 years ago
4 years ago

People

(Reporter: gBa9h6pGtitSwBHC, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [wontfix?])

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)

I would like to have a preference where I can have my master password saved across sessions and expire after a time period I set.  Currently, the user must enter their password every time they start a new session.

The main reason I use the 'Master Password' feature is so in the event my laptop gets stolen, my passwords are not accessible.  If I could limit this to bothering me to enter my password once every 7 days or so, I would be a much happier camper.

Reproducible: Always




I'd also like to see this feature in Thunderbird.

Comment 1

9 years ago
This will almost definitely be closed as WONTFIX.  Once per session has been the standard for at least as long as I can remember.  No would ever be able to agree on a minimum time frame that this should be set to.  I feel anything longer than once per session would cause all kinds of problems like: why isn't the password manager prompting.  what happens if my laptop is stolen on day two of the seven day expiration...and so on.
Whiteboard: [wontfix?]

Comment 2

9 years ago
Not to mention if the thief is smart enough not to start firefox but instead fish your password out of a the file. If I stole a laptop for data, the first thing I'd do is make an image copy of the hard disk...
>Not to mention if the thief is smart enough not to start firefox but instead
>fish your password out of a the file

The passwords are only stored encrypted in a file and the masterpassword isn't stored in a file at all. Or do you mean that it can be retrieved from the OS RAM-to-DISK resume file ?
That would be possible.

On the other hand you can always let the OS ask for a password on resume,
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
(In reply to gBa9h6pGtitSwBHC from comment #0)

> The main reason I use the 'Master Password' feature is so in the event my
> laptop gets stolen, my passwords are not accessible.

A _much_ better option would be to use Whole Disk Encryption (eg Bitlocker on Windows, but there are 3rd party solutions too).
You need to log in before you can comment on or make changes to this bug.