Closed Bug 96018 Opened 23 years ago Closed 23 years ago

Create "Reset Master Password" button

Categories

(Core Graveyard :: Security: UI, defect, P1)

1.0 Branch
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.1

People

(Reporter: lord, Assigned: inactive-mailbox)

Details

(Whiteboard: PDT+, on trunk, waiting for 0.9.4 check in)

Attachments

(21 files)

This feedback comes from various sources, including the N6 feedback page which
users can fill out.

Many users create a master password and then forget it.  They'd like a way to
reset it.  

We should create a "Reset Master Password" button which would live in the
Preferences window, under Privacy&Security/Master Passwords.

It should warn the user that this operation cannot be undone, and that it will
affect the following areas:
-Saved web names and passwords
-Personal certificates and keys
-Changes to the trust bits on web sites and CAs
etc.
Promoting to PSM 2.1, P2.  We're getting lots of requests for this feature in
the N6.1 feedback forms.

Can we do this?  
Priority: -- → P2
Target Milestone: --- → 2.1
NSS already has a function PK11_ResetToken() which can be used to reset the key
database. The function turns off the user bits for the certs in the user
database, but does not perturb the existing trust and web server bits.

This function was added long ago to support this functionality, but was never
hooked up to the client (as usual).

Anyway the function has never been tested, but I just reviewed the code again
and I don't see any problems with it visually.

It's a generic function to reset any token, so it takes an SSO pin, which is ""
in the case of the internal token.

bob
From a user:

 Netscape 6.1 Problem
 
Primary Browser: 	ntsc61  
Operating System: 	Win98  
Language: 		English  
Issue Summary: 		master passwords
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
im trying to set a master password here cuz the
encryption item is checked......i wanted to
uncheck it and it keeps asking me for my master
password but  im having trouble making 1 cuz when
i try it wont accept it......help me here.....

Netscape 6.1 Problem
 
Primary Browser: 	ntsc61  
Operating System: 	WinME  
Language: 		English  
Issue Summary: 		Master Password/Web Password settings get corrupted
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://n/a
Issue Detail: 
Having set master password for encrypting passwords
earlier, and then going back and testing quality
of master password and then canceling out,
now the master password is not what was set and
can not use encryption because the master
password is now unknown!
 Netscape 6.1 Problem
 
Primary Browser: 	ntsc61  
Operating System: 	WinNT  
Language: 		English  
Issue Summary: 		Cannot enter password
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
I am trying to enter a master password for the
first time. It says "incorrect password". How can
it be incorrect, I haven't entered one yet?

->kai.
Kai, the implementation should either completely remove the cert db or it should
remove all personal certs and reset the password. The former is probably easier
to implement, but it may unnecessarily remove added CA cert, etc...

Because of the high volume of requests from users who set a password and then
forget it, we need to provide this functionality. Such users are also not
sophisticated enough to go and delete the cert and key db on their own.
Assignee: ssaux → kai.engert
Priority: P2 → P1
Status: NEW → ASSIGNED
Where should we add the button to remove the password?

One place where it should appear is "Preferences / Privacy / Master Password",
where we could add the new button "Reset Password" next to the "Change Password"
button.

I wonder if we also should add it to the prompter asking for the master password?

But if I remember correctly, the UI is already frozen for the 0.9.4 branch.
This feature would add new buttons to the UI. Are we allowed to do this, or are
we required to move this feature to 0.9.5?
Regarding the warning text: Although I know that we don't support S/MIME yet, I
wonder if we should already include the warning text, that this could influence
encrypted e-mail. Imagine a scenario in one year from now, where a user has two
versions of Mozilla (or Netscape) installed. An older one (based on 0.9.5 for
example), and a newer one, which already includes S/MIME. Both versions will
likely share the same profile. Resetting the token will have the effect of
losing the ability to read encrypted e-mail. Should we add this warning to the
text now?
We should not remove the cert database. As I noted in this bug already, there is
an existing NSS function which removes the key database, and marks the user
certs as normal certs (we could remove them if we wanted to as well).

Even without the function, removing the key database would be sufficient to get
90% of the functionality.

bob
I'm confused why you say we shouldn't delete the cert database, but only the key
database. Does some earlier comment suggest the cert database should be removed?
Regarding my comment to encrypted mail, I wanted to say that the user will lose
the private keys, will be unable to read old archived encrypted mail, and will
not be able to read encrypted mail from other people who still use the
certificate. Maybe the warning text should include, that on resetting the
password / key database, the user should go to their CA and ask for revocation
of the now unusable certs.

Your suggestion to use the PK11_ResetToken function looks great and makes fixing
this bug easy, I will use it.
Bob, I just saw why you noted we shouldn't remove the cert database, it was
mentioned in an earlier comment from Stephane that it could be done. Thanks for
clearing that this is not necessary.
kai
After talking with Bob Relyea and Bob Lord we think that the right thing to do
is to call PK11_ResetToken(). The extra button should be in the Master Password
overlay, in a box between the "Change Master password" box and the
"master password timeout" one.  The box should be very similar to the Change
master password:
Here's somewhat of a mockup: I'm not sure how much we want to warn the user in
terms of losing any existing certs. The reality is that if they have forgotten
the password, they already have lost them.
--------------------------------
Reset Master Password

You can reset your master password if you have forgotten it. This action will
erase any personal certificates you may have.

<Reset Password>
-----------------------------------

When they click the button, we should have an "Are you sure" box pop up with an
ok/cancel button, although that's even more UI change, so we may want to skip
that, especially if we can find good warning language above.
I don't feel good with that suggestion. It makes it way too easy to delete all
your private keys and web passwords. Before I agree I'd at least want to discuss
what you think about the following.


A user could accidentally click this button, which would cause him lots of
trouble. A simple click shouldn't be enough to reset. Many people don't think
before they click, they just do it when they see such a button and are in a
hurry.

The "are you sure" dialog is required as a minimum in my opinion.

But I'd prefer going even one step further. In the "are you sure" dialog, I'd
display a random numeric "erase confirmation code" in a text label, and ask the
user to manually type that "erase confirmation code" (as opposed to ask a user
to simply type yes, which might cause problems for different language
distributions). That way, a user can't accidentally erase it, and will be
reminded to think about it carefully.

What about this:

In the place you suggested, let's add the new "Reset Password" button. The
dialog that pops up could look like that:

-------------------------------------------------------
Reset Master Password

(Explanation text that repeats what will happen,
in addition to warn the user, this should only be done,
if the password is really forgotten.
A listing should be shown, which parts of the security database will be erased,
i.e. personal certificates and web passwords.)

To protect yourself from accidentally erasing
the Master Password, you need to type in the following
Reset Confirmation Code: 83748         (<- random)

                                ------
Enter Reset Confirmation Code: |      |
                                ------

Are you really sure to reset and effectively delete as described above?
This operation can not be undone.

<Yes> <Cancel> <Help>
-------------------------------------------------------
Regardless of what we decide, I began implementing the parts that we need with
or without confirmation dialog.

I'm attaching a patch. It seems to work.

However, when you click the button twice, i.e. the function PK11_ResetToken is
called the second time, the application crashes.

I will provide more input on the crash. Should I open a separate bug?
Stack of crash:

#0  0x4176cda7 in hash4 (keyarg=0x89da5d6, len=4294963210) at
../../../mozilla/dbm/src/h_func.c:185
#1  0x4176a791 in __call_hash (hashp=0x82114d0, k=0x89da5d6
"±\217`[Û0ö\216ÐÕÚÚÚÚ)", len=4294963210) at ../../../mozilla/dbm/src/hash.c:1153
#2  0x41769ce0 in hash_access (hashp=0x82114d0, action=HASH_DELETE,
key=0xbfffc858, val=0x0) at ../../../mozilla/dbm/src/hash.c:859
#3  0x41769c46 in hash_delete (dbp=0x8211ed0, key=0xbfffc858, flag=0) at
../../../mozilla/dbm/src/hash.c:819
#4  0x41719a49 in SECKEY_ResetKeyDB (handle=0x820e858) at keydb.c:2444
#5  0x4170337c in NSC_InitToken (slotID=2, pPin=0x0, ulPinLen=0,
pLabel=0xbfffc8d4 "Software Security Device        $Éÿ¿çLfAH\e\"\b") at
pkcs11.c:2716
#6  0x416e8ff3 in PK11_ResetToken (slot=0x8221b48, sso_pwd=0x0) at pk11slot.c:4281


The error seems to happen inside function SECKEY_ResetKeyDB. On line
  ret = (* handle->db->del)(handle->db, &key, 0);
the variable key contains
  {data = 0x89da5d6, size = 4294963210}
which looks wrong. BTW, data contains a member with a similar size (4294967286).
The loop iterates a few times, until it arrives at this invalid key.

The same crash happens reproducibly when I restart the application and call
PK11_ResetToken.

I tested what happens when I have a fresh empty certificate database, i.e. the
one created by default during init. With this db, I can call PK11_ResetToken
multiple times without crashing.
I agree that we need to make sure people don't click on the button by accident.

I also like the confirmation dialog idea.  I think a 3-digit confirmation would
be good enough. 
I'll attach the updated implementation, which includes the suggested
confirmation dialog. The OK button only gets enabled when the user enters the
correct confirmation code (as displayed in the dialog).

I need assistance with good texts for the dialog. Sean, can you please help me?

Open a bug on the TokenReset Crash against NSS.

bob
NSS crash moved to bug 97614.
If someone wishes changes to the user interface (except wording, Sean is working
on it), please speak up.
After discussing this with some of the other writers and QA people, I'm
beginning to think that having the user type in a random number as kai has
proposed is a bad idea that is likely to confuse users and lead to more QA
calls on this issue. 

From the user's point of view: What is this new number all of a sudden? Is this
my new master password? My old one? Should I write it down? Should I type it in
as my new password? Etcetera.

Any strategy that attempts to make people stop and think by (a) reading a bunch
of text and (b) doing something totally meaningless is dangerous. Chances are,
they won't read or understand the text and they'll assign their own random
meaning to the meaningless task.

Why not take advantage of user's ingrained habits and make Cancel the default,
highlighted button that's tied to the Enter key (rather than OK). Even people
(like me) who like to click rather than type tend to click the highlighted button. 

There is a successful model for this approach: The activation screen that comes
up with a new profile. The default is Activate. If you click Cancel, you get
another dialog that says, "Are you really sure you want to do this" etc., where
again the "best" course (OK in this case) is highlighted and Cancel is not.

So what I'm proposing is: Click Reset Master password, and you see a dialog with
some brief text that says something like, "you're about to do something really
dangerous, are you sure you want to?" It has three buttons, Cancel OK and Help,
with Cancel the default. If you click OK here, you get another dialog that says,
"Are you really really sure?" in which the Cancel button is again the default.
Only if they click OK this time will the password get changed.

It might also help to call the danger button something more dramatic than OK,
like "Destroy my old password."

I will work on some specific text for this proposal and post it later this
evening. If anybody has objections please speak up.
Sean:
It's ok to eliminate the number if you think that's a problem. I'm against
adding yet another dialog. The issue here is that we're past the UI freeze. Can
you take Kai's screen shot, ignore the blurb and input box, and rephrase the
text/buttons to give that sense of urgency.
Kai:
Can you prepare a patch that eliminates the check on the number.
I'd like to be able to go tomorrow to the approvers and tell them that we have
this UI issue.
OK, here's my proposed text.
 
-----------------
For the new Master Passwords prefs panel section called Reset Master Password:
-----------------

If you have forgotten your master password, you can reset it. 

Resetting your master password erases all your sensitive personal information,
including stored web and email passwords, form data, personal certificates, and
private keys.

[ Reset Password ]


-----------------
For the dialog titled Reset Master Password that appears when you click Reset
Password:
-----------------

WARNING: If you reset your master password, you will permanently erase all your
stored web and email passwords, form data, personal certificates, and private
keys. You should reset your master password only as a last resort if you have
forgotten it.

Are you sure you want to reset your master password and erase your sensitive
personal information?

[[ No ]]  [ Yes ]   [ Help ]

-----------------


Note that "No" above is highlighted and tied to the Enter key. Does it make
sense to put the highlighted button furthest to the left?

I think Yes or No in answer to a direct question is better in this case than OK
and Cancel. 

It would probably be better to make "Warning:" lowercase and boldface, but I'm
not sure if you can do that here.

What happens after you click Yes and the password for the selected token is
reset? Preferably, the Set Master Password dialog immediately appears, with the
appropriate token selected, and you set a brand new password without having to
specify the old one. Or, you return to the Master Passwords prefs panel, in
which case you need to click Change Password and (if there's a choice) select
the correct token. I hope it's the former. The latter may confuse some users.

I am working on new help for this, which I will check in as soon as you get
approval and check in the fix.
> -----------------
> For the dialog titled Reset Master Password that appears when you click Reset
> Password:
> -----------------
> 
> WARNING: If you reset your master password, you will permanently erase all your
> stored web and email passwords, form data, personal certificates, and private
> keys. You should reset your master password only as a last resort if you have
> forgotten it.
> 
> Are you sure you want to reset your master password and erase your sensitive
> personal information?
>
> [[ No ]]  [ Yes ]   [ Help ]

That's fine with me, I just want to note a personal experience I made in the
past. When users see such a message, stating that something dangerous is
supposed to happen if they click the wrong button, they get nervous and prefer
to see a cancel button. I count myself to the bunch of people who get nervous. A
cancel button states very clear that it is bound to "don't do it". With the
buttons yes and no, they have to be sure that they really understood the text.

I like your text, but what about these labels for the buttons:

[[Cancel]]  [Erase & Reset]  [Help]

I agree to your suggestion with the keys that are bound to the buttons. Both the
Escape key and the Enter key should be bound to Cancel.


> Note that "No" above is highlighted and tied to the Enter key. Does it make
> sense to put the highlighted button furthest to the left?

Yes, I agree.


> I think Yes or No in answer to a direct question is better in this case than OK
> and Cancel.

See above. I agree that OK is bad, but in this very special case, where we do
something irreparable, I think it is preferable to write the action directly
into the button. What do you think?


> It would probably be better to make "Warning:" lowercase and boldface, but I'm
> not sure if you can do that here.

You can use boldface. However, I think it can't be mixed within the same text,
you'd have to use two separate labels / text items in the dialog, and they can't
be within the same paragraph. (Although I haven't tried yet)


> What happens after you click Yes and the password for the selected token is
> reset? Preferably, the Set Master Password dialog immediately appears, with the
> appropriate token selected, and you set a brand new password without having to
> specify the old one. Or, you return to the Master Passwords prefs panel, in
> which case you need to click Change Password and (if there's a choice) select
> the correct token. I hope it's the former. The latter may confuse some users.

Currently, it is the latter. I didn't want to force the users to go to the new
password dialog, but if you think that is more logical, we can use the former.

Do you think we should let the user know, using an intermediate message, why
this dialog comes up? The user says "reset" and now we say "enter password".
Isn't that confusing?


And I tend to agree with Sean: Let's add the "are you really really sure"
dialog, even if this means another dialog. Our users will be thankful.
> Or, you return to the Master Passwords prefs panel, in
> which case you need to click Change Password and (if there's a choice) select
> the correct token. 

Please return to the prefs panel.  I believe the next time you try to save a web
password, the client will ask you to create a key3.db password.  Kai, can you
test that out?

> Let's add the "are you really really sure"
> dialog, even if this means another dialog. Our users will be thankful.

Let's leave it at one warning dialog for now.  There's only one extra click for
deleting your entire profile, so I don't see the value in the extra click here.
I like Kai's relabeling of the buttons, except that I think it should be "Reset
& Erase" to match the order in the preceding question, and the fact that this is
the "Reset Master Password" dialog. 

So the buttons should look like this:

[[ Cancel ]]  [ Reset & Erase ]  [ Help ]

I agree with Lord that we should return to the prefs panel. As Kai points out
there is potential confusion if you go straight to the set password dialog.
Hopefully Lord is right and you will get prompted to set the new master password
the next time it's needed, as is the case for a new profile with encryption
turned on. 

I also accept that the second dialog may be overkill.
> Please return to the prefs panel.  I believe the next time you try to save a web
> password, the client will ask you to create a key3.db password.  Kai, can you
> test that out?

I think that will happen, but I will test.


> Let's leave it at one warning dialog for now.  There's only one extra click for
> deleting your entire profile, so I don't see the value in the extra click here.

Ok, this argument is convincing.


Another question: Should we wait with checking this new feature in until bug
97614 has been fixed, i.e. should this one be dependent on 97614? If
PK11_ResetToken really caused trouble inside the cert database, the users would
have a hard time (as we can't repair the database), and they would have to
manually erase the cert databases anyway, so this new feature wouldn't help them
much.

 Netscape 6.1 Problem
 
Primary Browser: 	ntsc61  
Operating System: 	Win98  
Language: 		German  
Issue Summary: 		Masterkennwort ist schon installieren 
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
Masterkennwort ist schon installieren 
Masterkennwort kann nicht geändert werden, da ich
das Passwort nicht kenne.
Ich habe keines installiert? Löschen kann man es
auch nicht.

Babel Fish sez:
Master password is already installs master password cannot not be modified,
since I do not know the password. I installed none? To delete one cannot do it also.

 Netscape 6.1 Problem
 
Primary Browser: 	ie55  
Operating System: 	Win98  
Language: 		English  
Issue Summary: 		Problem setting master password in security. Always
displays-Incorrect password
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
Downloaded and installed Netscape 6.1 on a Pentium
II 450MHZ computer 256K memory, Windows 98 with
Internet Explorer 5.5 as primary browser.  Wanted
to set some preferences so website passwords would
be remembered in Netscape 6.1. For some reason 6.1
was asking me for a master password. When I
entered Password Manager for the first time to set
my master password - no matter what I typed for
the new password and retyped, I always received -
"Incorrect password entered". So I cannot set a
master password. Just for your info the popup
window to change master password doesn't display
properly on my monitor. The right side of the
window cuts off about 1/3 of the info in the box
and I have to resize it to see all the text in the
set password window.

I'm sorry to say, but I found another crasher in combination with the reset
functionality. Certificate databases are unstable once the reset feature has
been called.

I therefore make this bug dependent on bug 97614. I'll add more descriptions there.
Depends on: 97614
Please note, the previous three attachments are screenshots.
adding nsenterprise
Keywords: nsenterprise
Marking nsenterprise+
Whiteboard: PDT
As this code is only used for resetting the password of the internal token, we
remove the line showing "Software Security Device" from the warning dialog.
Attaching new patch.
Adding Paul Hangas, German Bauer, Michele Carlson to the cc list. We request
that these UI changes be approved.
Please review the examples of customer feedback regarding the problem this patch
fixes.
We have fixes for bug 97614 (we just need to move the NSS tag used by the client).

Note that Kai's latest patch changes the reset password dialog just a bit by
removing the "Security Device: software security device" line in the dialog.
This is not needed.
I would hope that the following problems are fixed before this is checked in to 
the trunk.

1.  Make sure that the additions to the prefs panel fit completely
    (including the bottom of the group box) in Modern, Windows Classic, and Mac
    Classic. This is (to use Ben Goodger's words) `a non-optional requirement'.

2.  Remove the capitalized `WARNING:' and boldness from the text. Communicating
    danger is the role of the /!\ icon, not the text. Compare with the alert
    for formatting your hard disk on Windows or Mac OS, neither of which resort
    to boldness or capitalization.

3.  Shorten the text in the confirmation alert to two sentences or fewer.
    Otherwise people won't bother reading it, which could be dangerous. I
    suggest:
    +---------------------------------------------------+
    |:::::::::::::::::::::::::::::::::::::::::::::::::::|
    +---------------------------------------------------+
    |   .   If you reset your master password, all your |
    |  /!\  stored Web and e-mail passwords, form data, |
    |  """  personal certificates, and private keys     |
    |       will be forgotten. Are you sure you want to |
    |       do this?                                    |
    |                                                   |
    |  [?]                       (( Cancel )) ( Reset ) |
    +---------------------------------------------------+

4.  Use the appropriate overlay so that the buttons in the confirmation alert
    are the correct order on each platform. Otherwise users could easily click
    the wrong button by mistake, which would be dangerous. Ask Håkan if you
    need help here.
    Windows:             [ Reset ] [[ Cancel ]] [ Help ]
    Mac OS:  [?]                  (( Cancel )) ( Reset )

5.  Fix the `Your password has been reset' alert so that it uses the (i) note
    icon rather than the /!\ danger icon.
OS: other → All
Hardware: PC → All
I agree with mpt's proposed rewording for the warning alert. The boldface etc.
is overkill, his version is clear and concise.
r=ddrinan.
mpt: Thanks a lot for your comment. It makes sense, but I can't implement this
quickly.

I need to get this feature checked in to the branch until Monday. While I would
be able to fix your points 1 (by shortening the text), 2 and 3, I might not be
able to fix 4 and 5 until then. My understanding is, the overlays don't support
changing the text yet, but we want the text "Reset" inside the OK button
instead. And 5 would require writing a separate XUL, as the standard prompt
service doesn't support the info icon yet. Or we'd be required to change the prompt
service, but I guess this won't be accepted for the branch?

Hmm, I'm wrong with 4, the text can be changed from the onLoad function. Ok,
should I try to get these changes implemented, or can the patch be accepted as
it is?
Reviewers:
The purpose of this bug is to provide a way for the end-user customer to reset
their master password without having to create a new profile.
This feature is not used frequently, but it's extremely important for the
usability of the product. I do understand that many improvements can be made to
the specfic UI elements Kai has come up with, but we need to keep in mind the
original purpose of this bug which is to *provide a way to reset one's master
password*, and to provide it within a reasonable timeframe.
If any of the UI problems that the current implementation has make it impossible
or unduly difficult for a user to *reset one's master password* then by all
means we should fix these.  Otherwise it is reasonable to get this feature in
(with any easy improvements we can squeeze in), and then open new bugs for
issues that we can't possibly get in in a reasonable time frame.
Suggestion for the text under "Reset Master Password" in the preferences overlay
(to lose a line and fit better with other themes):

---------
If you have forgotten your master password, you can reset it.

When you reset your master password, all your stored web and e-mail passwords,
form data, personal certificates, and private keys will be erased.
---------

Note lowercase for "web." Although Web may be preferable, "web" lowercase
appears several other places in the preferences, and at this point I think it's
better to be consistent within the local context, get the new feature checked
in, and fix the capitalization globally (if Web is in fact preferred) later.

So I'd recommend lowercase "web" for mpt's warning text, as well.
I wonder if we should make it even shorter. What about no longer using two
separate paragraphs, and removing what is repeated in the second paragraph? We
could write:

------------------
If you have forgotten your master password, you can reset it. This will erase
your stored web and e-mail passwords, form data, personal certificates and
private keys.
------------------

Is this still ok?

And regarding the help topic: I changed the implementation to use the default
help buttons, and this currently opens the following URL:
  chrome://help/locale/passwords_help.html#Reset_Master_Password

Could we move your new help texts there, or should I try to change it to the URL
we discussed?
I prefer the two paragraphs, and repetition, because I think it's a bit clearer.
The antecedent of "this" is not necessarily obvious in your version. Also
keeping the line about forgetting your password as a separate paragraph helps to
emphasize that circumstance, since it's the only reason most people would want
to do this.

But these are nits--go ahead with your change if my revised text still won't fit
in some circumstances (but if you do, add a series comma after "personal
certificates").

Re the help button for the warning dialog, this is based on the target you gave
me ("?reset_pwd"), which I checked into help.js yesterday. The URL
chrome://help/locale/passwords_help.html#Reset_Master_Password is correct, and
the help button is doing what it should do. I just haven't added the heading,
tag, and text to passwords_help.html yet.

I'll add the new text to the trunk today, since it sounds like you're about to
land there. I'll wait until we know you can get onto the branch before adding it
there. I am being cautious because I don't want help to end up describing a
feature that isn't really present.
Well, mpt said, we should try to use a minimum of text, that's one reason why I
shortened it. Another one is, English is a rather short language, and I wanted
to have some additional space left for the other languages.

If you dislike "This will...", another suggestion closer to yours: We could just
leave out "When you reset your master password" and write "All your stored web
and e-mail passwords, form data, personal certificates, and private keys will be
erased." keeping the two separate paragraphs.

I will add the comma as you suggested. I thought you made an error when you
wrote "certificates, and" because in the German language we never use a comma in
front of the word "and". I thought this rule would apply to the English
language, too.

Re the help button: Ok, and I finally found out how I can call the help topic we
talked about, so we are in sync.

Will attach new patch and screenshots now.
strres.js should not be used anymore, please use its <stringbundle/> equivalent.

Why do you have to roll your own alert like that?  Why can't you use 
CommonDialog.xul?

If I was in a conversation with you and I said "Are you sure you want to do 
this?", would your answer be "Reset" or "Cancel"?  (I think we need to change or 
remove that sentence, not rename the buttons).
blakeross:

- Do you know the exact code that I should use instead of strres.js? Where can I
find it?

- I roll my own dialog, because I don't know CommonDialog.xul yet.

- Please make a constructive suggestion for a better text.

r=ddrinan.
The final design looks good to me.
german: are you really approving a dialog which asks the question: "Are you sure
you want to do this?" and gives you the possible answers: [Reset] [Cancel] [Help] ?

Blake is right. A good option would be to remove the last sentence.

Gerv
I'm not so sure that removing the last sentence is a good idea. (This wording
was proposed by mpt, if that makes any difference). Is clicking "Reset" in a
dialog labeled "Reset Master Password" really so confusing? If the sentence
causes people to pause a bit and think about what they're doing, that's what we
want. Resetting the master password is a last-resort solution that should not be
clicked through in a hurry.

With or without the sentence, let's get this thing checked in and worry about
the details later. No reset password button is much, much worse than a reset
password button that people have to stop and think about using.
Having saluted the "Why Wait for Spring, Do It Now" flag, it occurs to me that
"Are you sure you want to reset your master password?" might be a better
alternative for the last sentence. Repetitive, but it shouldn't add any lines
and it's clearer.

New Patch. Changes are:

- <stringbundle> is now used instead of strres.js

- Sean's text for the final question in the alert prompter being used.

I talked with blake. It is not possible to use the nsIPromptService and the info
icon as he suggested, as currently help buttons and the info icon are not
supported, therefore we keep the current code.

Blake suggested using the overlay <keyset id="dialogKeys">. However, this would
change our intended behaviour. We explicitly wanted the default action in the
dialog to be cancel. That's the reason why the cancel button is indicated as the
default button in the dialog. We can't use this overlay if we want this special
behaviour.

I assume we don't want the user to erase everything by simply pressing enter, or
do we?

Let me know if updated screenshots are required.
sr=blake
Patch checked in to trunk, closing bug.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Bob, thanks for reporting. This "missing label" was introduced by a last minute
fix which I checked in as suggested by jag on IRC, as my original code was
considered to use an obsolete XUL tag. When I checked this in, we introduced the
new problem.

I tested the new fix, it works, and already checked it in.
Reopening.  This is on the trunk but needs to be on the branch as well.
marking nsbranch+
Status: RESOLVED → REOPENED
Keywords: nsbranch+
Resolution: FIXED → ---
Keywords: patch
Whiteboard: PDT → PDT, on trunk, waiting for 0.9.4 check in
Depends on: 99525
 Netscape 6.1 Problem
 
Primary Browser: 	ntsc61  
Operating System: 	Win98  
Language: 		English  
Issue Summary: 		Master Password
Component: 		Security
Doing What: 		Other  Trying to set up a master password
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
When I attempt to set a master password - since
there is no previous password - I simply enter the
password in the 'new' area and in the 'confirm' area.

I get kicked with an 'incorrect password entered'
message.  Since there was no previous password
there can not be an incorrect one entered and
since I'm entering the password from the clipboard
the two entries are identical.

How do you enter that first password???

TIA
 Netscape 6.1 Problem
 
Primary Browser: 	ntsc4x  
Operating System: 	Win98  
Language: 		English  
Issue Summary: 		Master password.  Have no idea what it is.
Component: 		Security
Doing What: 		Changing preferences  
Severity: 		SomethingDidNotWorkRight  
Can Reproduce: 		Always
Try this URL: 		http://
Issue Detail: 
It wants a master password and I have no idea what
it is.  I didn't set it up.  Can't change it.
Book states use preferences/Privacy and security,
choose password manager. There is no password
manager under privacy and security.  Think I will
go back to 4.77

PDT+ per bug discussion
Whiteboard: PDT, on trunk, waiting for 0.9.4 check in → PDT+, on trunk, waiting for 0.9.4 check in
Patch checked in to 094 branch, closing bug.
Status: REOPENED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified 20010917 build 
Marking VERIFIED as per Lakshmi Gopal's (QA engineer) comment.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard