Closed Bug 598759 Opened 14 years ago Closed 14 years ago

"Remember password" doorhanger should have 'not now' option

Product/Component: Toolkit :: Password Manager
Type: defect
Priority: Not set
Severity: normal
Status: VERIFIED WONTFIX
Reporter: pino_sb
Assignee: Unassigned
Keywords: regression
Whiteboard: [doorhanger]

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100922 Firefox/4.0b7pre
Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100922 Firefox/4.0b7pre

When logging into a website, a "remember password?" doorhanger appears. If a user doesn't want to save his password, he can dismiss the dialog by clicking anywhere on the page (hiding it). There are cases, however, where this is not enough, since the dialog can be recalled at any time. Say I log into my email on someone else's computer so that he can read an email of mine... As I can't actually remove the ability to save the password, I would have to constantly watch to prevent the other from stealing my password. An explicit "not now" option in the doorhanger notification would be much wanted here. Choosing this option would remove not just the notification, but also the ability to recall it, and thus ascertain the password's safety.

Reproducible: Always

Steps to Reproduce:
1. Log into a site
2. Dismiss the "Remember password" dialog
3. Confirm that it remains callable in the location bar

Actual Results:
At any time the password can be saved, in a matter of seconds. When on your home computer, this can be great, since you can i.e. verify the password works and is needed, before saving it. On a computer that is not yours, this means someone can steal your password very easily at any moment.

Expected Results:  
It should offer an option 'not now', as the old dialog allowed...

Blocks: 567814

You can do this simply by clicking outside of the doorhanger to dismiss it.

No longer blocks: 567814
Depends on: 567814
Version: unspecified → Trunk

How about an "option to remember username only"? And finally close bug 101664.

In reply to comment 1: Clicking outside the doorhanger hides the dialog from view, but it can be reopened at any time by clicking on the key icon in the location bar. That's quite different from actual dismissal.

In terms of the 'doorhanger' analogy, clicking outside the dialog only turns around the doorhanger but leaves it on the knob, so that it can be shown again at any moment, while a "not now" option would truly remove it. In the case of password saving there can be good reasons to prefer the latter.

Blocks: 567814
No longer depends on: 567814
Keywords: regression
Status: UNCONFIRMED → NEW
Component: General → Password Manager
Ever confirmed: true
Product: Firefox → Toolkit
QA Contact: general → password.manager

Not worth the cost for showing it to all users all the time, the point of doorhangers is to help streamline these interactions (click-to-dismiss instead of not-now for dialogs).

If you don't trust the computer you're using, it's already Game Over. For all you know they're running a modified Firefox that steals your password. But other workarounds would be to close the tab, or better yet start Private Browsing mode.

Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Whiteboard: [doorhanger]
Status: RESOLVED → VERIFIED

This bug should be reopened. This is a huge attack vector.

(In reply to comment #4)
> Not worth the cost for showing it to all users all the time, the point of
> doorhangers is to help streamline these interactions (click-to-dismiss instead
> of not-now for dialogs).

Make a "Don't Save For Now" option part of the drop-down menu in the doorhanger. It's not always in the user's face, but it is there if the user chooses to.

> If you don't trust the computer you're using, it's already Game Over. For all
> you know they're running a modified Firefox that steals your password. But
> other workarounds would be to close the tab, or better yet start Private
> Browsing mode.

Not a valid argument. This is like saying a computer might have a keylogger and therefore we should make Firefox save all passwords because it is unavoidable anyways. We're not talking about modified versions of Firefox here. We're talking about a flaw that makes it damned easy for people with UNMODIFIED versions of Firefox to steal YOUR personal info. Firefox, being a safe and secure browser, should not in any way AID in the stealing of passwords.

Here's two usage scenarios that I see where the lack of "Don't Save For Now" is severely detrimental. Let's say that a user is using a public computer and needs to print an email. He leaves the computer to retrieve the pages he's printed.

*Without "Don't Save For Now"
1.) User logs in to email.
2.) He sees Password Save doorhanger. Dismisses (hides) it because he does not want to save password.
3.) Prints email and leaves computer to retrieve pages from printer.
4.) ATTACK VECTOR: Another user reopens doorhanger, saves password, opens Password Manager, writes down password.

*With "Don't Save For Now"
1.) User logs in to email.
2.) He sees Password Save doorhanger. Selects "Don't Save For Now". Doorhanger completely disappears.
3.) Prints email and leaves computer to retrieve pages from printer.
4.) ATTACK PREVENTED: Another user sees email account is open, but can not access password. The worst he can do is send insulting emails to your girlfriend, but at least your password is safe.

I really hope this makes it clear why this feature is needed. This is a huge security hole for people using Firefox in Internet cafes or public schools. This is also a huge regression in functionality from Fx 3.6, which did offer a "don't save for now" option in the form of the X button.

(In reply to comment #5)

Very well put, Benjamin, can you file a new bug and mark it security so it at least gets looked at?

Filed bug 635439