Closed Bug 720159 Opened 10 years ago Closed 7 years ago

Open Master password prompt on a secure desktop

Categories

(Core :: General, enhancement)

x86
Windows 7
enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: bugzilla_mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Build ID: 20111220165912

Steps to reproduce:

Use Firefox or Thunderbird, enable Master password.


Actual results:

Master password prompt pops up in a normal window that can be easily accessed through keyloggers and can be easily faked by website (see  Bug 101611)


Expected results:

Master password prompt should _optionally_ open on a "secure desktop" that cannot be easily accessed by keyloggers or faked by websites.

The Keepass 2 password manager is an example of a software that uses a secure desktop to prevent keyloggers from accessing important (master) passwords. This is probably only possible on Windows (Vista or 7), as secure desktop capability needs to be provided by the OS.

A secure desktop makes everything else turn grey like the UAC prompts do. See https://blogs.msdn.com/b/uac/archive/2006/05/03/589561.aspx for details.
Severity: normal → enhancement
Summary: Open Master password on a secure desktop → Open Master password prompt on a secure desktop
See also Bug 626376 what this one could block.
Version: 9 Branch → Trunk
I just want to show my support for this suggestion.
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.

Further, in general applications can't defend against these kinds of attacks. If you have malware installed on your system, it's game over. Full stop.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.