|
|
| (36 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| = Goals =
| | [[File:Password Manager icon.png|right|Password manager key icon]] |
| | The Toolkit password manager is responsible for remembering usernames and passwords (aka. logins) on sites and allowing the user to autofill or autocomplete it upon returning to the website. |
|
| |
|
| * Add integration with OS X's Keychain | | * Bug tracking: |
| * Use MozStorage for on-disk file (instead of current weird text format) | | ** Components: |
| * Implement some form of per-site password hashing (anti-phishing too?) | | *** [https://bugzilla.mozilla.org/buglist.cgi?component=about:logins&product=Firefox&bug_status=__open__ Firefox::about:logins] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Firefox&component=about:logins File a bug]) for [[Toolkit:Password_Manager/about:logins|about:logins]] |
| * Improve code security and readability by porting to a JS component. | | *** [https://bugzilla.mozilla.org/buglist.cgi?component=Password%20Manager&product=Toolkit&bug_status=__open__ Toolkit::Password Manager] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit&component=Password%20Manager File a bug]) |
| * Close out some of the [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&component=Password+Manager&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=2006-01-01&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= 237 open bugs] for Password Manager | | *** [https://bugzilla.mozilla.org/buglist.cgi?component=Password%20Manager:%20Site%20Compatibility&product=Toolkit&bug_status=__open__ Toolkit::Password Manager: Site Compatibility] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit&component=Password%20Manager:%20Site%20Compatibility File a bug]) |
| * UI improvements | | ** [https://docs.google.com/spreadsheets/d/1VQuZoC6-i9wgtHAqk08IHUj7zXy1cvKjchNY8WExVXE/edit#gid=0 Current Backlog] | [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=pri%3AP1%20OR%20pri%3AP2%20prod%3DToolkit%20comp%3APassword%20&list_id=14542888 P1/P2 bugs] | [https://telemetry.mozilla.org/probe-dictionary/?search=pwmgr Telemetry probes] | [https://mnoorenberghe.github.io/password-bugs/ meta bugs] | [http://mzl.la/1Enx1bl Unassigned Mentored Bugs] |
| | * Preferences: <code>signon.*</code> |
| | * Code: |
| | ** [https://searchfox.org/mozilla-central/source/browser/components/aboutlogins/ browser/components/aboutlogins/] for [[Toolkit:Password_Manager/about:logins|about:logins]] |
| | ** [https://searchfox.org/mozilla-central/source/toolkit/components/passwordmgr/ toolkit/components/passwordmgr/] |
| | * Mailing List: [https://mail.mozilla.org/listinfo/passwords-dev passwords-dev] |
| | * Chat: [https://matrix.to/#/!rULHhrUvckJYfNKouF:mozilla.org?via=mozilla.org&via=t2bot.io #lockwise-desktop] |
| | * QA documentation: |
| | ** [https://docs.google.com/document/d/1l2-I4YsufNEv7kCiHQDvs3FCXM1A11GKstLnlJbX_gs/edit General Password Manager] |
| | ** [https://docs.google.com/document/d/1NTqXN2OgqBALMlPZhKJpz6xML434Zw9Riapt-VqyB5I/edit?usp=sharing Login CSV Export] |
|
| |
|
| == Robustness to Site Changes == | | == Priority Bugs == |
| '''XXX - this text should be rolled into a (existing?) bug.'''
| |
|
| |
|
| Firefox stores passwords with this metadata:
| | (Not including [[Toolkit:Password_Manager/about:logins|about:logins]] bugs) |
|
| |
|
| domain usernamefield passwordfield username password
| | === P1 === |
| | <!-- |
| | var str = ""; |
| | for (let [k,v] of new URLSearchParams(window.location.search)) { |
| | str += `"${k}": "${v}",\n`; |
| | } |
| | --> |
| | <bugzilla> |
| | { |
| | "priority": "P1", |
| | "v4": "[passwords:", |
| | "f1": "keywords", |
| | "o3": "substring", |
| | "list_id": "15004848", |
| | "v3": "Password Manager", |
| | "o1": "nowords", |
| | "j2": "OR", |
| | "resolution": "---", |
| | "f4": "status_whiteboard", |
| | "f3": "component", |
| | "f2": "OP", |
| | "o4": "substring", |
| | "f5": "CP", |
| | "v1": "meta", |
|
| |
|
| Then uses the usernamefield/passwordfield values as hints to find the appropriate <input> elements within a webpage by matching them to the "name" attribute.
| | "include_fields": "id, summary, severity, assigned_to, keywords, whiteboard", |
| | "order": "assigned_to" |
| | } |
| | </bugzilla> |
|
| |
|
| Unfortunately this means that when a website redesigns and changes the un/pw field names, the effect on the end user is that the password is "forgotten".
| | === P2 === |
|
| |
|
| As a backup, when usernamefield/passwordfield fail to match, Password Manager should attempt to discover the password field manually, using a technique similar to what Camino uses.
| | <bugzilla> |
| | { |
| | "priority": "P2", |
| | "v4": "[passwords:", |
| | "f1": "keywords", |
| | "o3": "substring", |
| | "list_id": "15004848", |
| | "v3": "Password Manager", |
| | "o1": "nowords", |
| | "j2": "OR", |
| | "resolution": "---", |
| | "f4": "status_whiteboard", |
| | "f3": "component", |
| | "f2": "OP", |
| | "o4": "substring", |
| | "f5": "CP", |
| | "v1": "meta", |
|
| |
|
| This is needed for another reason - passwords stored by other browsers such as Camino and Safari are stored in the KeyChain WITHOUT username/password field hints - so un/pw field discovery must be manual.
| | "include_fields": "id, summary, severity, assigned_to, keywords, whiteboard", |
| | "order": "assigned_to" |
| | } |
| | </bugzilla> |
|
| |
|
| Security heads up: Make sure that passwords are never restored into input fields which are hidden. Compare full domain name, do not do partial compares of domain names.
| | ==== Site Compatibility ==== |
|
| |
|
| == Mac OS X Integration ==
| | <bugzilla> |
| | { |
| | "f1": "component", |
| | "o1": "equals", |
| | "v1": "Password Manager: Site Compatibility", |
| | "f3": "keywords", |
| | "o3": "nowords", |
| | "v3": "meta", |
| | "priority": "P2", |
| | "resolution": "---", |
| | "include_fields": "id, summary, priority, severity, assigned_to, keywords, whiteboard", |
| | "order": "assigned_to" |
| | } |
| | </bugzilla> |
|
| |
|
| (See also [https://bugzilla.mozilla.org/show_bug.cgi?id=106400 bug 106400].)
| | == Architecture == |
| | * [[Toolkit:Password Manager/Glossary|Glossary of terms]] |
| | * [https://docs.google.com/document/d/1tsRQlGG5fatPo53paR1ZYL8_fox86IUEHuwhonMqaHY/edit Rough intro document] |
|
| |
|
| Mac OS X provides an application called Keychain Services which manages passwords and certificates for all applications including web browsers. It provides default encryption of the passwords and certificates using the user's login password, locks and unlocks the chain per application etc. Basically everything we've had to re-implement for our password manager (including Master Password etc).
| | [[File:PasswordManagerRelationships.svg|1000px]] |
|
| |
|
| We should transition to using Keychain Sevices as the "out of the box" back end for storing passwords and certificates. This will allow users transitioning from Safari and Camino to bring across their site passwords in addition to their Bookmarks, Preferences and other data for the optimal user experience.
| | [[File:PasswordManagerAutocomplete.svg|1000px]] |
|
| |
|
| We should retain the existing back end in code for Windows and Linux, and for Mac OS X 1.0 users who have established password and certificates collections. We need some heuristic for detecting whether or not Firefox is the default browser, has an established password collection etc so we can determine which back end to use.
| | == See Also == |
| | | {{subpagelist}} |
| We might also offer a hidden pref to let users toggle between the two in case the heuristic breaks down.
| | [[Firefox:Password_Manager:UI]] |
| | |
| The integration is very simple - where we retrieve password and certificate data from our password and certificate store now, we alternate on some preference value ("use keychain") - if not, use the old way, if so, call SecKeychainFindInternetPassword to get the value.
| |
| | |
| By keeping the integration at this very low level we can minimize the impact of the changes and retain the functionality that Firefox users expect - dropdown showing choice of options (multiple options can be stored in our signons file - we just don't store the passwords and certificates there) - we can even add metadata (username/password field name attribute values) when we discover them to the signon file, which at that point just becomes a metadata storage point.
| |
| | |
| === Dependencies ===
| |
| | |
| Two dependencies for Keychain Services integration on Mac OS X:
| |
| | |
| * the ability to open Keychain Services from Preferences (add a method or constant to nsI*ShellService)
| |
| * the ability to detect if default browser (implemented on Windows but not MacOS X) (this may prove challenging in addition since nsIShellService is a browser API, not a toolkit one where password manager lives. Maybe it should move, or become more generic)
| |
| | |
| == UI Improvements ==
| |
| | |
| I asked Beltzner on IRC if he had any desired improvements, and came up with the following:
| |
| | |
| * The "Should Firefox remember this password?" dialog shouldn't block the loading of the new page.
| |
| * Password generation (eg, hash site name and a common password.) Has anti-phishing benefits because user doesn't even really know their own password.
| |
| * Filter or search functionality in the list in the "Show Passwords" dialog box. When passwords rise over 100, it becomes difficult to find a specific password.
| |
| * Password entry outside of content. InfoCard or something like it?
| |
| * Simplify language (eg, remove "HTTP Password Required").
| |
| TBD.
| |
| | |
| = Existing Extensions =
| |
| | |
| The following password-management extensions are on addons.mozilla.org, and give some indication of what kind of features people find useful.
| |
| | |
| * [https://addons.mozilla.org/firefox/1033/ PwdHash] 226
| |
| * [https://addons.mozilla.org/firefox/469/ PasswordMaker] 525
| |
| * [https://addons.mozilla.org/firefox/750/ AI Roboform Toolbar] 3615
| |
| * [https://addons.mozilla.org/firefox/3282/ Password Hasher] 1708
| |
| * [https://addons.mozilla.org/firefox/3825/ Annoyance Remover] 286
| |
| * [https://addons.mozilla.org/firefox/1890/ LoginManager] 568
| |
| * [https://addons.mozilla.org/firefox/4429/ Secure Login] 3567
| |
| * [https://addons.mozilla.org/firefox/135/ SecurePassword Generator] 739
| |
| * [https://addons.mozilla.org/firefox/3208/ Fire Encrypter] 1166 (mainly encryption, but has a "secure password generator")
| |
| * [https://addons.mozilla.org/firefox/2848/ Password Exporter] 88
| |
| * [https://addons.mozilla.org/firefox/3476/ SignupShield] 89
| |
| * [https://addons.mozilla.org/firefox/1275/ Master Password Timeout] 586
| |
| * [https://addons.mozilla.org/firefox/2186/ WiKID] 6 (2-factor auth)
| |
| * [https://addons.mozilla.org/firefox/2667/ 1passwd] 35
| |
| * [https://addons.mozilla.org/firefox/1222/ Passguard Login Manager] 53
| |
| * [https://addons.mozilla.org/firefox/670/ Password Composer] 6
| |