Comment 97 for bug 217300

In , 2-brian (2-brian) wrote :

(In reply to David Keeler (:keeler) from comment #89)
> * It still needs (at least) a review from a PSM peer. As far as I know, Kai
> is unavailable to do PSM reviews. Other peers are listed here:
> https://wiki.mozilla.org/Modules/All (search for "PSM")

I am the PSM module owner but I am not even a peer in the toolkit or Firefox modules where the password manager lives. I am very interested in removing all the master password prompts on all platforms.

I know very little about Linux compared to most of the people CC'd on this bug; please be patient with me if I say something stupid.

1) I see in the patch that this is a build option that is off by default. I would prefer it to be ON by default for all Linux desktop builds, and if libsecret isn't available at runtime, then we just don't use it and we disable the Firefox UI related to the Gnome Keyring. Is there anything inherently wrong with doing it this way?

2) The patch contains a prompt that asks "Do you want to save master password to system password manager?" But, this seems like the wrong question. I think, instead, the "Change Password" dialog box should look something like this:

    (*) Protect my data with my system password (recommended)
    ( ) Use a master password:
        New Password: [ ]
        Confirm Password: [ ]
    ( ) Don't protect my data

If we did it this way, then we wouldn't need that separate prompt. Also, this UI would work for all operating systems, AFAICT. (Note: I am not a UX person and in theory a UX person should design the UI for this. However, this may get blocked for a long time if we wait for a UX person to design it, so I suggest you build a prototype UI and have the UX people review it. If it works well on Linux then we could port the same UI to other platforms.)

3) The Gnome keyring should never store/protect a password that the user entered. Instead, it should store a randomly-generated key (e.g. 32 bytes of randomness from nsIRandomGenerator, or similar). NSS's protection of the master password is very weak, and also users will almost always choose relatively weak passwords, so using a random key as the NSS password is important.

4) Some people at Mozilla are working on this "Sign into the browser" / "Profile in the Cloud" thing, of which Sync is a part. See https://wiki.mozilla.org/Identity/AttachedServices. I think it is important to make sure that the people working on this feature discuss it with the Identity people to make sure that this work and that work are compatible/complementary.
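
Points 1 and 3 of the comment above, modelled as an added example that is not part of the original comment or of the patch under review. `SystemKeyring`, `ITEM_LABEL` and `getStorePassword` are hypothetical names, and the keyring is a constructed in-memory stand-in, not libsecret's or Firefox's API.

```javascript
// Added example: the keyring holds a randomly generated key, never a
// password typed by the user. All names here are hypothetical.
const { randomBytes } = require("crypto");

const KEY_BYTES = 32;                 // "32 bytes of randomness" from point 3
const ITEM_LABEL = "example-profile"; // hypothetical keyring item name

// Constructed in-memory stand-in for the system keyring.
class SystemKeyring {
  constructor() { this.items = new Map(); }
  store(label, secret) { this.items.set(label, secret); }
  lookup(label) { return this.items.has(label) ? this.items.get(label) : null; }
}

// Returns the string to use as the password store's master password.
// keyring === null models "libsecret isn't available at runtime" (point 1):
// the caller then hides the keyring option instead of failing.
function getStorePassword(keyring, generate = randomBytes) {
  if (keyring === null) {
    return { mode: "keyring-unavailable", password: null };
  }
  // Reuse an existing key. Generating a fresh one on every start would make
  // data encrypted under the previous key unreadable.
  let secret = keyring.lookup(ITEM_LABEL);
  let created = false;
  if (secret === null) {
    const raw = generate(KEY_BYTES);
    if (raw.length !== KEY_BYTES) {
      throw new Error("random generator returned the wrong number of bytes");
    }
    secret = Buffer.from(raw).toString("base64"); // printable form of the key
    keyring.store(ITEM_LABEL, secret);
    created = true;
  }
  return { mode: created ? "key-created" : "key-reused", password: secret };
}

// Demo run: first call creates the key, second call reuses it.
const keyring = new SystemKeyring();
const first = getStorePassword(keyring);
const second = getStorePassword(keyring);
console.log(first.mode, second.mode, first.password === second.password);
console.log(getStorePassword(null).mode);
```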