Closed Bug 553400 Opened 10 years ago Closed 2 years ago

Sync credentials are cleared if the user sets Firefox to clear saved passwords on quit

Categories

(Firefox :: Sync, defect)

Tracking

RESOLVED DUPLICATE of bug 1102184
Future

People

(Reporter: Mardak, Unassigned)

References

(Depends on 1 open bug)

Details

Dan says he's using the default settings for clear-on-quit, and it includes clearing out saved passwords. So because Weave stores its passwords in the password manager, they get cleared out and Weave no longer can log in.
It's not the default, FWIW.

http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#410
http://mxr.mozilla.org/mozilla1.9.1/source/browser/app/profile/firefox.js#397
pref("privacy.clearOnShutdown.passwords",   false);

Not sure what the right approach is here offhand.
Summary: Weave fails to autoconnect/keep its passwords if the user clears on quit → Weave fails to autoconnect/keep its passwords if the user clears passwords on quit
The only true way to fix this would be to store passwords in some other format.  I don't know if that's right/useful, but it's not a priority, so Future.
Target Milestone: --- → Future
Duplicate of this bug: 600313
Component: Firefox Sync: UI → Firefox Sync: Backend
QA Contact: sync-ui → sync-backend
Duplicate of this bug: 626208
Duplicate of this bug: 649162
Duplicate of this bug: 667574
Duplicate of this bug: 561812
Duplicate of this bug: 702177
Summary: Weave fails to autoconnect/keep its passwords if the user clears passwords on quit → Sync credentials are cleared if the user sets Firefox to clear saved passwords on quit
There is a kind of work-around:

- clear all of your passwords using "Tools | Clear Recent History"
- uncheck the option that deletes saved passwords on exit (Preferences | Privacy | History)
- uncheck "Remember passwords on sites" (Preferences | Security | Passwords)
- enter your sync password

That way, the Sync password is the only thing that's in the password store and it stays there.
I'd like to see security's perspective on this.
I am unsure of what the particular use case for sync + clear-on-quit is. This appears to be a temporary sync of sorts, but then I don't know why you would want your sync credentials on the machine at all.

The best use case I can think of is if you have explicitly set clear-on-quit to clear passwords only for privacy reasons. However, I still don't think you would want your sync credentials to persist on the machine since an attacker with those credentials can pull down your other passwords.

I don't think storing the credentials in any of the normal Firefox locations works because the user won't normally know that the credentials are stored in passwords / local storage / site preferences.

Assuming that the use-case is for a temporary sync, could we add a feature to sync to only persist the credentials in memory? Quitting Firefox would require the user to redo JPAKE or BID login (once implemented).
(In reply to David Chan [:dchan] from comment #11)
> Assuming that the use-case is for a temporary sync, could we add a feature
> to sync to only persist the credentials in memory? Quitting Firefox would
> require the user to redo JPAKE or BID login (once implemented).

I /think/ this would be a feature of "login to the browser."
I personally use Sync to store bookmarks but not passwords. So I do want Sync to save its credentials, but I don't want anything else stored in the password store. Therefore, the work-around I described in comment 9 works very well for me.

The only thing that is a bit of a usability problem IMHO is that there should be some kind of warning when you enable Sync and have "clear passwords on quit" turned on. I got confused when I first enabled Sync and had to reenter the Sync password at every login.
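The warning suggested in the comment above, sketched as an added example (not code from this bug or from Firefox): it reads the text of a profile's prefs.js and reports when clear-on-quit would remove the stored Sync credentials. The pref names privacy.sanitize.sanitizeOnShutdown and services.sync.username are not on this page and are assumed from Firefox's preferences; the sample profile text is constructed.

```javascript
// Defaults used when a pref is absent from the profile.
const DEFAULTS = {
  "privacy.sanitize.sanitizeOnShutdown": false, // assumed pref, not on the page
  "privacy.clearOnShutdown.passwords": false, // default quoted in the bug
};

// Parse user_pref("name", value); lines as written in prefs.js / user.js.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue; // comments, blank lines, malformed entries
    try {
      prefs.set(m[1], JSON.parse(m[2])); // booleans, integers, quoted strings
    } catch {
      // value is not a plain literal; ignore the line
    }
  }
  return prefs;
}

function getPref(prefs, name) {
  return prefs.has(name) ? prefs.get(name) : DEFAULTS[name];
}

// Returns a warning string when stored Sync credentials would be wiped on quit,
// or null when there is no conflict.
function syncClearOnQuitWarning(prefText) {
  const prefs = parsePrefs(prefText);
  // Assumption: a non-empty services.sync.username means Sync is set up.
  const syncConfigured = Boolean(prefs.get("services.sync.username"));
  const clearsPasswords =
    getPref(prefs, "privacy.sanitize.sanitizeOnShutdown") === true &&
    getPref(prefs, "privacy.clearOnShutdown.passwords") === true;
  if (syncConfigured && clearsPasswords) {
    return "Saved passwords are cleared on quit, so the Sync password must be re-entered at every start.";
  }
  return null;
}

// Constructed sample profile contents (not taken from a real profile).
const SAMPLE_CONFLICT = [
  "// Mozilla User Preferences",
  'user_pref("services.sync.username", "user@example.com");',
  'user_pref("privacy.sanitize.sanitizeOnShutdown", true);',
  'user_pref("privacy.clearOnShutdown.passwords", true);',
].join("\n");
```

A profile that leaves privacy.clearOnShutdown.passwords at its default of false produces no warning, matching the work-around described in this bug.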
(In reply to Francois Marier from comment #13)
> I personally use Sync to store bookmarks but not passwords. So I do want
> Sync to save its credentials, but I don't want anything else stored in the
> password store. Therefore, the work-around I described in comment 9 works
> very well for me.
> 
> The only thing that is a bit of a usability problem IMHO is that there
> should be some kind of warning when you enable Sync and have "clear
> passwords on quit" turned on. I got confused when I first enabled Sync and
> had to reenter the Sync password at every login.

Thanks for clarifying your use case. I agree that the UX is confusing. Maybe we could store the credentials under Site preferences or offline storage?
Are site preferences or offline storage protected by the master password? If not, those options would be a non-starter, I think.
(In reply to Gregory Szorc [:gps] from comment #15)
> Are site preferences or offline storage protected by the master password? If
> not, those options would be a non-starter, I think.

They aren't as far as I know. The credentials would have to be encrypted beforehand. I wonder if it is possible to retrieve the ciphertext for master password protected credentials. Those could then be persisted in another data store and "synced" back to the password storage.
Duplicate of this bug: 546776
Depends on: 638966
Depends on: 644898
Duplicate of this bug: 881175
The same is happening, if inside the password manager you remove all passwords. (see bug 88175). 

A solution would be, if that would only clear all passwords *except* the sync-password.
typo in last comment 20: I meant bug 881175
I'm hopeful that these issues will be addressed by PICL.
Duplicate of this bug: 793232
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1102184
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox