Closed Bug 821962 Opened 13 years ago Closed 13 years ago

Remember Master Password

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
17 Branch
Platform:
x86_64
Windows 8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 665370

People

(Reporter: xyteran, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0 Build ID: 20121128204232 Steps to reproduce: 1. Enter master password. 2. Close Firefox. 3. Reopen Firefox. Actual results: I was prompted again for my master password. Expected results: There should be a way to set a period of time for which master passwords are remembered so that this issue does not present itself. I want to keep my passwords hidden, but I do NOT want to have to enter my password every single time I'm on Firefox.
Firefox have to store the master password unencrypted on the disk if the master password should work without entering it again. That makes the masterpassword a useless security feature and that's the reason why this bug report can not be fixed
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Once I enter the master password, that state is stored until the browser is closed. Simply having that state persist after the browser closes would not be nearly as unsecure as disabling the master password altogether. However, it would be much, MUCH more convenient than keeping the feature as it is. I understand what you are saying, but this feature should at the very least be provided as an option. Otherwise, other alternatives should be considered. Maybe a way to password-protect access to the "Show Passwords" screen without any further encryption. I understand the security risk of that, but there should be intermediate security options, rather than just "maximum" and "none".
>Once I enter the master password, that state is stored until the browser is closed It's of course not stored. The keyword is only in the ram. >Simply having that state persist after the browser closes would not be nearly as >unsecure as disabling the master password altogether. It would be more insecure because most user would think that their passwords are save and they are not in both cases (stored vs without masterpassword). >Otherwise, other alternatives should be considered. Maybe a way to password-protect >access to the "Show Passwords" screen without any further encryption. That would give you zero additional security. I can copy the 2 files that contain the passwords faster on an USB flash drive as I could remember the passwords in the show password list.
I do see what you're saying, but it's more secure because most people do not know where those passwords are stored. Anyone, however, can see the "show password" button in the options menu.
found a bug dupe target where this has been already discussed to death.
Resolution: WONTFIX → DUPLICATE
You need to log in before you can comment on or make changes to this bug.