Closed
Bug 598115
Opened 14 years ago
Closed 14 years ago
Remove the option to Email Sync Key from install wizard
Categories
(Firefox :: Sync, defect)
Tracking
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | beta7+ |
People
(Reporter: rags, Assigned: philikon)
Details
(Whiteboard: [strings])
Attachments
(1 file)
8.32 KB, patch | mconnor: review+
The current implementation of the setup wizard allows you to email yourself the Sync Key as one of the backup options. While it has usability benefits, it poses serious security risks.
Personally, I definitely see the usability value of having a backup in email. It helps both setting up additional devices as well as helping with recovery if all known copies of the key are lost somehow.
However, the risk that comes with emailing essentially the key to the kingdom far outweighs the utility, especially given both the insecure nature of email and how the Sync architecture is based on the Sync Key being secret.
To address the concern around ease of setting up additional devices, we will do a couple of things. In the Fx 4 time frame, we will recommend that users go look up their Sync Key on their desktop when setting up Sync on other devices (especially Fennec and Firefox Home). Beyond Fx 4, we will provide other mechanisms (QR codes, Netflix-style activation, etc.) to make setup easier.
I've talked to Jay as well that we are going to be moving in this direction.
Comment 1 • 14 years ago (Reporter)
Just want to add that the other options (Print and Save) will still be available.
Updated • 14 years ago
Assignee: nobody → philipp
blocking2.0: --- → beta7+
Comment 2 • 14 years ago
I'm glad that you've talked to Jay, but you didn't talk to me, and that's pretty much a must when changing a feature like this. :)
I do not think that copying it to a clipboard is in any way helpful. If the issue is that we want to remove the email option, then let's make the bug about removing the email option.
Updated • 14 years ago
Whiteboard: [ETA: 9/24]
Updated • 14 years ago
Whiteboard: [ETA: 9/24] → [ETA: 9/24][strings]
Comment 3 • 14 years ago (Assignee)
(In reply to comment #2)
> I do not think that copying it to a clipboard is in any way helpful.
I think it is, if people want to send themselves an email (ick), paste it into a file on their encrypted hard drive or a personal USB pendrive, or some external password manager they use (e.g. 1Password). It's certainly better and way more flexible than Email.
> If the issue is that we want to remove the email option, then let's make
> the bug about removing the email option.
Whichever way we decide, it would be good to get an agreement on this, especially since we now have an ETA for this issue.
Comment 4 • 14 years ago (Reporter)
(In reply to comment #2)
> I'm glad that you've talked to Jay, but you didn't talk to me, and that's
> pretty much a must when changing a feature like this. :)
Sorry about that, I should have closed the loop on our email conversation.
> I do not think that copying it to a clipboard is in any way helpful. If the
> issue is that we want to remove the email option, then let's make the bug about
> removing the email option.
The bug *is* about removing the email option, but as philikon says in comment #3, I do think Copy to clipboard is useful to people that have other ways of saving sensitive information. Do you feel strongly that we should *not* provide users that option?
Comment 5 • 14 years ago
Is it possible for us to block activating the next control until we've detected a paste? If we activate next right after they click copy, we might get a lot of users who decide not to save their Sync key at all.
Comment 6 • 14 years ago
I think we should copy plain text of the key+explanation. If the user decides to place it into a text file, or an encrypted note in keychain etc, we want to have the context around it just as if they hit save or print.
Comment 7 • 14 years ago (Assignee)
(In reply to comment #5)
> Is it possible for us to block activating the next control until we've detected
> a paste? If we activate next right after they click copy, we might get a lot
> of users who decide not to save their Sync key at all.
The paste would happen in another app, so the only thing we could possibly check for is that the wizard window loses focus... But do we really have to babysit the user this much? After seeing the UI in action for a while now I'm even wondering whether the whole block-next-until-you've-saved thing was such a good idea...
(In reply to comment #6)
> I think we should copy plain text of the key+explanation.
That feels wrong to me.
> If the user decides
> to place it into a text file, or an encrypted note in keychain etc, we want to
> have the context around it just as if they hit save or print.
So it would basically be the same text as in the email?
Comment 8 • 14 years ago
I agree that these types of mitigation steps are kind of annoying (users are going to want to just plow through this part of the process and ignore the key). But if we get fewer support emails saying "I lost that sync whatever, give me my data back!" I think taking some annoying steps now creates less overall frustration.
Comment 9 • 14 years ago (Reporter)
I talked to beltzner earlier today and he feels pretty strongly that we should *not* provide a copy to clipboard button. I'm fine with that and so is mconnor.
Comment 10 • 14 years ago (Assignee)
(In reply to comment #9)
> I talked to beltzner earlier today and he feels pretty strongly that we should
> *not* provide a copy to clipboard button. I'm fine with that and so is mconnor.
Are we still removing the email option then, or is this a WONTFIX?
Comment 11 • 14 years ago (Reporter)
Yes, we are removing the Email option. We'll only have Print and Save to file.
Updated the summary to reflect that.
Summary: Replace Email Sync Key with Copy to clipboard → Remove the option to Email Sync Key from install wizard
Comment 12 • 14 years ago (Assignee)
Attachment #477479 -
Flags: review?(mconnor)
Updated • 14 years ago
Attachment #477479 -
Flags: review?(mconnor) → review+
Comment 13 • 14 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [ETA: 9/24][strings] → [strings]
Updated • 6 years ago
Component: Firefox Sync: UI → Sync
Product: Cloud Services → Firefox