Closed Bug 573700 Opened 14 years ago Closed 8 years ago

CertPassPrompt String might be wrong.

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 306730

People

(Reporter: shaohua.wen, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-smartcard]) 

In file chrome://pipnss/locale/pipnss.properties , the string 
CertPassPrompt=Please enter the master password for the %S.
Is asking for a master password. 
But actually when the user saw this dailog, it's asking for password of the Certification.
So I think this string might be wrong.
I guess  it should be "Please enter the password for the %S."
Amax, Correct me if I'm wrong :)
Thank, Shaohua.
It's asking for password for the Cryptographic token, not the master password of Firefox.
The problem is worse in Chinese translation, where the translation for master and primary are basically the same, so the user will think "Why is it called primary password, is there a secondary password?". Which makes the user confuse
Component: General → Security: UI
Product: Firefox → Core
QA Contact: general → ui
The passwords remembered by password manager could be described as secondary passwords.

I just tried to login to a crypto token and the text I saw was: "Please enter the master password for the <name of token>". Can you confirm that <name of crypto token> was included in the message, when it prompted you for the crypto token password?

If a user uses crypto tokens, and therefore has multiple master passwords (one for the software database, one for each token), I agree the term "master password" is confusing.

Maybe we should do the following:

- keep the term "master password" whenever we refer to the
  password for the software security device = the software cert database

- when refering to other crypto tokens, remove the term "master", 
  and use wording "please enter the password for <crypto token name>"

Bob, Nelson, what do you think?
Blocks: masterpassword
> when refering to other crypto tokens, remove the term "master", 
> and use wording "please enter the password for <crypto token name>"

This is, and always was, the right answer.  

In addition, if possible we should tell the user WHY we're asking for it;
that is, what operation we're trying to do that wants it.  

Unfortunately, the term "master password" is now found in many (tens? 
hundreds?) of mozilla web pages.  Eliminating it will create confusion 
leading to LOTS of user questions. ("Where did the master password prompt go?")
I wrote:
> if possible we should tell the user WHY we're asking for it;
> that is, what operation we're trying to do that wants it.  

To expand on that ... 
I use SeaMonkey, which is a browser, IMAP/POP email reader, SMTP email sender, 
NNTP news reader/sender, LDAP client, and other things, all rolled into one.  
On occasion, while I'm reading a web page or mail message, I get a "master 
password" dialog prompt, out of nowhere.  It doesn't tell me what part of SM wants it or why.  I always wonder:

- does it want to decode some web site password?  If so, for what web site?
(I didn't just click any link, so it shouldn't be doing any web fetch.)

- does it want to decode a mail or news server password?  Which one?

- does it want to sign something?  If so, what?  

In all such cases where the prompt is unexpected, I click cancel.  
I'm not going to enter my master password, like a monkey, just because I 
was asked for it.  It bothers me that a Mozilla product, which I use 
because I like to think it is the most trustworthy product for the purpose 
for which I'm using it (i.e. most trusty email client, most trusty browser,
etc.) could potentially be asking me for the secret I guard most carefully
for no good reason at all, and won't tell me why.
Kai:
    Yes, I can confirm that the crypto token name is included in the message.
Nelson:
    I can't agree more!
Whiteboard: [psm-smartcard]
The "master password" word is really confusing and refers to another feature of Firefox.
In most of the case the term should be translated with the term "PIN" (Personal Identification Number), which is -at least here in Italy- commonly used for the smart card "password".

I would suggest to replace the phrase with "Please enter the PIN for the %S. or, at least "Please enter the PIN/master password for the %S."
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.