Closed Bug 720498 Opened 13 years ago Closed 12 years ago

Site passwords vulnerable when sync'd to new PC.

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 540975

People

(Reporter: amosher4, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Build ID: 20111220165912 Steps to reproduce: Sync'd bookmarks and passwords to a new PC. Actual results: Passwords easily visible to others on new PC (Tools/Options/Security) via button "Saved Passwords", then "Show Passwords" IF a Master Password has not been established. Expected results: Have FF prompt user after the first time Sync to establish a Master Password, explain why this is important. IMHO this would protect the less sophisticated users who may have created a Master password months ago on the original PC, but would not think to look when they Sync. Thanks
Component: Untriaged → Firefox Sync: UI
Product: Firefox → Mozilla Services
QA Contact: untriaged → sync-ui
Version: 9 Branch → unspecified
There are two components to this bug: 1) Kindly request the user to set up a master password when configuring Sync 2) Have some mechanism in place to protect users from syncing passwords from a master password secured profile to one without a master password. #2 seems to be bug 530975. #1 has been done before. We used to require a master password when using Sync on mobile versions of Firefox. I can't remember if/when/why we changed that. Perhaps someone else can fill in the history then triage this as a valid feature request or WONTFIX as a decision we've already made.
Doh. #2 is bug 540975, not 530975.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 7 → All
Hardware: x86_64 → All
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Component: Firefox Sync: UI → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.