Open Bug 1261977 Opened 9 years ago Updated 7 months ago

Prompt users to set a primary password upon first password save

Categories: Toolkit :: Password Manager, enhancement, P3

Status: UNCONFIRMED

People: Reporter: furkan-akbulut, Unassigned

References: Blocks 1 open bug

Details: Keywords: dupeme, Whiteboard: [passwords:master-password] [passwords:primary-password]

Attachments: 1 file

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586

Steps to reproduce:

I got an old SSD hard disk. I looked for the Firefox Profile Directory. After that I looked for the files logins.json and key3.db. I copied these profile files into my own profile directory, replacing the two files with the same names. Then I restarted my Firefox browser. The result: I can see the passwords and login data of the owner of the hard disk in the security settings of Firefox.


Actual results:

I have the chance to get all passwords and login data if I get the two files from the profile.
1. A USB stick with a small program that searches for the two files on a computer / old hard disk
2. If you find the files, make a copy
3. Take the USB stick and copy the files into my Profile Directory
4. Look for saved passwords in the security settings of Firefox


Expected results:

I think the best way is to stop automatic password saving. A lot of people use this setting because it saves a lot of time. Or the two files in the profile directory must be secured with an ID or a password.
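The reporter's four steps amount to locating a profile that holds both logins.json and the NSS key database and then reading what logins.json references. The helper below, added here as an example and not code from the bug or from Mozilla, does the locating and the inventory without decrypting anything: it walks a mounted disk for directories containing logins.json next to key3.db or key4.db, and it splits each encryptedPassword value into the key id, cipher OID, IV and ciphertext it carries. The layout of logins.json (a "logins" list with hostname, encryptedUsername, encryptedPassword, encType) and the DER envelope of each encrypted field (SEQUENCE { OCTET STRING keyId, SEQUENCE { OID cipher, OCTET STRING iv }, OCTET STRING ciphertext }) are assumptions taken from third-party tooling such as firefox_decrypt, not from this page; the sample logins.json is constructed inline, and build_sdr_envelope exists only to produce that sample. Standard library only.

```python
import base64
import json
import os
import sys

# Cipher OIDs the helper recognises. Assumption (from third-party tooling such
# as firefox_decrypt, not from this bug): NSS SDR wraps login fields with 3DES-CBC.
_OID_NAMES = {
    "1.2.840.113549.3.7": "des-ede3-cbc",
    "2.16.840.1.101.3.4.1.42": "aes-256-cbc",
}


def _der_tlv(buf, pos):
    """Read one DER tag/length/value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _der_oid(value):
    """Decode DER OID content bytes into dotted-decimal form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_sdr_envelope(b64_blob):
    """Split an encryptedUsername/encryptedPassword value into its parts without
    decrypting. Assumed layout: SEQUENCE { OCTET STRING keyId,
    SEQUENCE { OID cipher, OCTET STRING iv }, OCTET STRING ciphertext }.
    The keyId names a key stored in key3.db/key4.db, which is why the two
    files together are sufficient when no primary password is set."""
    tag, outer, _ = _der_tlv(base64.b64decode(b64_blob), 0)
    if tag != 0x30:
        raise ValueError("SDR envelope must start with a SEQUENCE")
    _, key_id, pos = _der_tlv(outer, 0)
    _, params, pos = _der_tlv(outer, pos)
    _, oid_bytes, p = _der_tlv(params, 0)
    _, iv, _ = _der_tlv(params, p)
    _, ciphertext, _ = _der_tlv(outer, pos)
    oid = _der_oid(oid_bytes)
    return {"key_id": key_id.hex(), "cipher": _OID_NAMES.get(oid, "unknown:" + oid),
            "iv": iv.hex(), "ciphertext_len": len(ciphertext)}


def inventory_logins(logins_json_text):
    """One record per saved login: site, encType (1 = NSS SDR), key id, cipher."""
    records = []
    for entry in json.loads(logins_json_text).get("logins", []):
        env = parse_sdr_envelope(entry["encryptedPassword"])
        records.append({"hostname": entry.get("hostname"), "encType": entry.get("encType"),
                        "key_id": env["key_id"], "cipher": env["cipher"]})
    return records


def find_profiles(root):
    """Walk root (e.g. a mounted old disk) and return every directory holding
    logins.json next to key3.db or key4.db: the pair the reporter copies."""
    return [d for d, _, files in os.walk(root)
            if "logins.json" in files and {"key3.db", "key4.db"} & set(files)]


# --- constructed sample data (not taken from any real profile) ---------------
def _der(tag, content):
    return bytes([tag, len(content)]) + content      # short-form length only


def build_sdr_envelope(key_id, iv, ciphertext):
    """Assemble an SDR-shaped blob with the 3DES-CBC OID so the parser can be
    exercised offline; ciphertext bytes are arbitrary filler."""
    params = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d0307")) + _der(0x04, iv))
    return base64.b64encode(_der(0x30, _der(0x04, key_id) + params + _der(0x04, ciphertext))).decode()


SAMPLE_KEY_ID = bytes.fromhex("f8000000000000000000000000000001")
SAMPLE_LOGINS_JSON = json.dumps({
    "nextId": 2,
    "logins": [{
        "id": 1, "hostname": "https://example.com", "formSubmitURL": "https://example.com",
        "httpRealm": None, "usernameField": "user", "passwordField": "pass",
        "encryptedUsername": build_sdr_envelope(SAMPLE_KEY_ID, b"\x01" * 8, b"\x00" * 16),
        "encryptedPassword": build_sdr_envelope(SAMPLE_KEY_ID, b"\x02" * 8, b"\x03" * 16),
        "guid": "{00000000-0000-0000-0000-000000000001}", "encType": 1,
    }],
    "version": 3,
})

if __name__ == "__main__":
    for rec in inventory_logins(SAMPLE_LOGINS_JSON):
        print(rec)
    if len(sys.argv) > 1:
        print("profiles with logins.json + key db:", find_profiles(sys.argv[1]))
```

Run it with a mount point as the argument to list candidate profile directories on a disk. Every record the inventory returns points at the same key id, which is the handle into key3.db/key4.db; the inventory shows that nothing user-supplied is needed to identify that key, which is the gap a primary password closes.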
Severity: normal → critical
Component: Untriaged → Security
OS: Unspecified → Windows 10
Priority: -- → P1
Hardware: Unspecified → x86_64
Summary: Password and Login data find out easy way → To find out password / login without encrypt key3.db and logins.json
Pretty sure this is a duplicate request. Long ago we used to have an interstitial explanatory panel that popped up when a user was about to save their first password, asking the user to choose explicitly between unencrypted storage and using a master password. It was removed based on user feedback.
Group: core-security
Status: UNCONFIRMED → NEW
Component: Security → Password Manager
Ever confirmed: true
Product: Firefox → Toolkit
Summary: To find out password / login without encrypt key3.db and logins.json → Encrypt saved passwords by default (or don't save them); discovering passwords on old hardware
Priority: P1 → --
We could put this in a promo box like the sync one that appears below the capture doorhanger the first N times but that depends on whether UX thinks it will scare users. Another possible solution is bug 1194529 depending on who you're trying to stop from accessing the saved passwords locally.
Severity: critical → enhancement
Status: NEW → UNCONFIRMED
Ever confirmed: false
OS: Windows 10 → All
Hardware: x86_64 → All
Summary: Encrypt saved passwords by default (or don't save them); discovering passwords on old hardware → Prompt users to set a master password upon first password save
Whiteboard: [DUPEME]
Whiteboard: [DUPEME] → [passwords:master-password] [DUPEME]
Keywords: dupeme
Whiteboard: [passwords:master-password] [DUPEME] → [passwords:master-password]
Priority: -- → P3

(In reply to Matthew N. [:MattN] (PM me if request are blocking you) from comment #2)

> We could put this in a promo box like the sync one that appears below the
> capture doorhanger the first N times but that depends on whether UX thinks
> it will scare users. Another possible solution is bug 1194529 depending on
> who you're trying to stop from accessing the saved passwords locally.

I think making it explicitly clear that passwords are stored in the open is just good practice. In this case, scaring a user is a good thing. Don't make creating a master password an option; it is irresponsible these days.

(In reply to John King from comment #5)

> I think making it explicitly clear that passwords are stored in the open is just good practice.

Passwords are never stored in plaintext, but without a master password, having the salt (stored in key*.db) is enough to decrypt them.

> In this case, scaring a user is a good thing. Don't make creating a master password an option; it is irresponsible these days.

If you use whole-disk encryption and lock your operating system account when you're away from the computer, then that is sufficient to stop local attacks.

Whiteboard: [passwords:master-password] → [passwords:master-password] [passwords:primary-password]
Summary: Prompt users to set a master password upon first password save → Prompt users to set a primary password upon first password save

I think this would be a good idea.
Consider, for example, things like the recent scams where people are tricked into screen sharing with control by a caller. In that case it is very easy to upload the files somewhere and get access to all passwords.
Or just having access to someone else's computer. There is a difference between being able to go to the settings and read passwords and just being able to log into some site on the spot.

Severity: normal → S3