Toolkit:Password Manager: Difference between revisions

From MozillaWiki
(→Existing Extensions: add Password Finder)
(→Architecture: Link to Glossary)
 
(35 intermediate revisions by 3 users not shown)
'''Older revision''' (edit summary: →Existing Extensions: add Password Finder)

= Goals =
The Toolkit password manager is responsible for remembering usernames and passwords (a.k.a. logins) on sites and allowing the user to autofill or autocomplete them upon returning to the website.

* Add integration with OS X's Keychain
* Use MozStorage for the on-disk file (instead of the current weird text format)
* Implement some form of per-site password hashing (anti-phishing too?)
* Improve code security and readability by porting to a JS component.
* Close out some of the [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&component=Password+Manager&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=2006-01-01&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= 237 open bugs] for Password Manager
* UI improvements

== Robustness to Site Changes ==
'''XXX - this text should be rolled into a (existing?) bug.'''

Firefox stores passwords with this metadata:

 domain  usernamefield  passwordfield  username  password

It then uses the usernamefield/passwordfield values as hints to find the appropriate <input> elements within a webpage by matching them to the "name" attribute.

Unfortunately this means that when a website redesigns and changes the un/pw field names, the effect on the end user is that the password is "forgotten".

As a backup, when usernamefield/passwordfield fail to match, Password Manager should attempt to discover the password field manually, using a technique similar to what Camino uses.

This is needed for another reason: passwords stored by other browsers such as Camino and Safari are stored in the Keychain WITHOUT username/password field hints, so un/pw field discovery must be manual.

Security heads up: Make sure that passwords are never restored into input fields which are hidden. Compare the full domain name; do not do partial compares of domain names.

== Mac OS X Integration ==
(See also [https://bugzilla.mozilla.org/show_bug.cgi?id=106400 bug 106400].)

Mac OS X provides an application called Keychain Services which manages passwords and certificates for all applications, including web browsers. It provides default encryption of the passwords and certificates using the user's login password, locks and unlocks the chain per application, etc. Basically everything we've had to re-implement for our password manager (including Master Password etc.).

We should transition to using Keychain Services as the "out of the box" back end for storing passwords and certificates. This will allow users transitioning from Safari and Camino to bring across their site passwords in addition to their Bookmarks, Preferences and other data for the optimal user experience.

We should retain the existing back end in code for Windows and Linux, and for Mac OS X 1.0 users who have established password and certificate collections. We need some heuristic for detecting whether or not Firefox is the default browser, has an established password collection etc. so we can determine which back end to use.

We might also offer a hidden pref to let users toggle between the two in case the heuristic breaks down.

The integration is very simple: where we retrieve password and certificate data from our password and certificate store now, we branch on some preference value ("use keychain"). If it is not set, use the old way; if it is set, call SecKeychainFindInternetPassword to get the value.

By keeping the integration at this very low level we can minimize the impact of the changes and retain the functionality that Firefox users expect, such as the dropdown showing a choice of options (multiple options can be stored in our signons file; we just don't store the passwords and certificates there). We can even add metadata (username/password field name attribute values) to the signons file when we discover them, at which point the signons file just becomes a metadata store.

=== Dependencies ===

Two dependencies for Keychain Services integration on Mac OS X:

* the ability to open Keychain Services from Preferences (add a method or constant to nsI*ShellService)
* the ability to detect whether Firefox is the default browser (implemented on Windows but not Mac OS X). This may prove challenging in addition, since nsIShellService is a browser API, not a toolkit one where the password manager lives. Maybe it should move, or become more generic.

== UI Improvements ==

I asked Beltzner on IRC if he had any desired improvements, and came up with the following:

* The "Should Firefox remember this password?" dialog shouldn't block the loading of the new page.
* Password generation (e.g., hash site name and a common password). Has anti-phishing benefits because the user doesn't even really know their own password.
* Filter or search functionality in the list in the "Show Passwords" dialog box. When passwords rise over 100, it becomes difficult to find a specific password.
* Password entry outside of content. InfoCard or something like it?
* Simplify language (e.g., remove "HTTP Password Required").
TBD.

= Existing Extensions =

The following password-management extensions are on addons.mozilla.org, and give some indication of what kind of features people find useful.

* [https://addons.mozilla.org/firefox/1033/ PwdHash] 226
* [https://addons.mozilla.org/firefox/469/ PasswordMaker] 525
* [https://addons.mozilla.org/firefox/750/ AI Roboform Toolbar] 3615
* [https://addons.mozilla.org/firefox/3282/ Password Hasher] 1708
* [https://addons.mozilla.org/firefox/3825/ Annoyance Remover] 286
* [https://addons.mozilla.org/firefox/1890/ LoginManager] 568
* [https://addons.mozilla.org/firefox/4429/ Secure Login] 3567
* [https://addons.mozilla.org/firefox/135/ SecurePassword Generator] 739
* [https://addons.mozilla.org/firefox/3208/ Fire Encrypter] 1166 (mainly encryption, but has a "secure password generator")
* [https://addons.mozilla.org/firefox/2848/ Password Exporter] 88
* [https://addons.mozilla.org/firefox/3476/ SignupShield] 89
* [https://addons.mozilla.org/firefox/1275/ Master Password Timeout] 586
* [https://addons.mozilla.org/firefox/2186/ WiKID] 6 (2-factor auth)
* [https://addons.mozilla.org/firefox/2667/ 1passwd] 35
* [https://addons.mozilla.org/firefox/1222/ Passguard Login Manager] 53
* [https://addons.mozilla.org/firefox/670/ Password Composer] 6
* [https://addons.mozilla.org/fr/firefox/addon/4133 Password Finder] ?

'''Newer revision''' (edit summary: →Architecture: Link to Glossary)

[[File:Password Manager icon.png|right|Password manager key icon]]
The Toolkit password manager is responsible for remembering usernames and passwords (a.k.a. logins) on sites and allowing the user to autofill or autocomplete them upon returning to the website.

* Bug tracking:
** Components:
*** [https://bugzilla.mozilla.org/buglist.cgi?component=about:logins&product=Firefox&bug_status=__open__ Firefox::about:logins] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Firefox&component=about:logins File a bug]) for [[Toolkit:Password_Manager/about:logins|about:logins]]
*** [https://bugzilla.mozilla.org/buglist.cgi?component=Password%20Manager&product=Toolkit&bug_status=__open__ Toolkit::Password Manager] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit&component=Password%20Manager File a bug])
*** [https://bugzilla.mozilla.org/buglist.cgi?component=Password%20Manager:%20Site%20Compatibility&product=Toolkit&bug_status=__open__ Toolkit::Password Manager: Site Compatibility] ([https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit&component=Password%20Manager:%20Site%20Compatibility File a bug])
** [https://docs.google.com/spreadsheets/d/1VQuZoC6-i9wgtHAqk08IHUj7zXy1cvKjchNY8WExVXE/edit#gid=0 Current Backlog] | [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=pri%3AP1%20OR%20pri%3AP2%20prod%3DToolkit%20comp%3APassword%20&list_id=14542888 P1/P2 bugs] | [https://telemetry.mozilla.org/probe-dictionary/?search=pwmgr Telemetry probes] | [https://mnoorenberghe.github.io/password-bugs/ meta bugs] | [http://mzl.la/1Enx1bl Unassigned Mentored Bugs]
* Preferences: <code>signon.*</code>
* Code:
** [https://searchfox.org/mozilla-central/source/browser/components/aboutlogins/ browser/components/aboutlogins/] for [[Toolkit:Password_Manager/about:logins|about:logins]]
** [https://searchfox.org/mozilla-central/source/toolkit/components/passwordmgr/ toolkit/components/passwordmgr/]
* Mailing List: [https://mail.mozilla.org/listinfo/passwords-dev passwords-dev]
* Chat: [https://matrix.to/#/!rULHhrUvckJYfNKouF:mozilla.org?via=mozilla.org&via=t2bot.io #lockwise-desktop]
* QA documentation:
** [https://docs.google.com/document/d/1l2-I4YsufNEv7kCiHQDvs3FCXM1A11GKstLnlJbX_gs/edit General Password Manager]
** [https://docs.google.com/document/d/1NTqXN2OgqBALMlPZhKJpz6xML434Zw9Riapt-VqyB5I/edit?usp=sharing Login CSV Export]

== Priority Bugs ==
(Not including [[Toolkit:Password_Manager/about:logins|about:logins]] bugs)

=== P1 ===
<!--
// Turns the query string of a Bugzilla buglist URL into the JSON
// key/value lines used in the <bugzilla> blocks below.
var str = "";
for (let [k, v] of new URLSearchParams(window.location.search)) {
  str += `"${k}": "${v}",\n`;
}
-->
<bugzilla>
{
  "priority": "P1",
  "v4": "[passwords:",
  "f1": "keywords",
  "o3": "substring",
  "list_id": "15004848",
  "v3": "Password Manager",
  "o1": "nowords",
  "j2": "OR",
  "resolution": "---",
  "f4": "status_whiteboard",
  "f3": "component",
  "f2": "OP",
  "o4": "substring",
  "f5": "CP",
  "v1": "meta",
  "include_fields": "id, summary, severity, assigned_to, keywords, whiteboard",
  "order": "assigned_to"
}
</bugzilla>

=== P2 ===
<bugzilla>
{
  "priority": "P2",
  "v4": "[passwords:",
  "f1": "keywords",
  "o3": "substring",
  "list_id": "15004848",
  "v3": "Password Manager",
  "o1": "nowords",
  "j2": "OR",
  "resolution": "---",
  "f4": "status_whiteboard",
  "f3": "component",
  "f2": "OP",
  "o4": "substring",
  "f5": "CP",
  "v1": "meta",
  "include_fields": "id, summary, severity, assigned_to, keywords, whiteboard",
  "order": "assigned_to"
}
</bugzilla>

==== Site Compatibility ====
<bugzilla>
{
  "f1": "component",
  "o1": "equals",
  "v1": "Password Manager: Site Compatibility",
  "f3": "keywords",
  "o3": "nowords",
  "v3": "meta",
  "priority": "P2",
  "resolution": "---",
  "include_fields": "id, summary, priority, severity, assigned_to, keywords, whiteboard",
  "order": "assigned_to"
}
</bugzilla>

== Architecture ==
* [[Toolkit:Password Manager/Glossary|Glossary of terms]]
* [https://docs.google.com/document/d/1tsRQlGG5fatPo53paR1ZYL8_fox86IUEHuwhonMqaHY/edit Rough intro document]

[[File:PasswordManagerRelationships.svg|1000px]]

[[File:PasswordManagerAutocomplete.svg|1000px]]

== See Also ==

{{subpagelist}}
[[Firefox:Password_Manager:UI]]
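The fill logic sketched in the older revision's "Robustness to Site Changes" section (match <input> elements by the stored usernamefield/passwordfield name hints, fall back to discovering the password field when a redesign renames them, never fill hidden fields, and compare the full domain rather than a substring) can be written down as a small decision function. The following is an added example, not Firefox's own password manager code: it models form inputs as plain objects so it runs under Node without a DOM, treats the stored <code>domain</code> as a bare hostname, and uses a constructed login record and constructed forms.

```javascript
// Added example modelled on the Robustness to Site Changes notes; not
// Firefox/Toolkit code. Inputs are plain objects standing in for DOM
// <input> elements: { name, type, hidden }.

// Constructed sample login in the page's metadata layout.
const savedLogin = {
  domain: "accounts.example.com",      // stored as a full hostname (assumption)
  usernamefield: "user",
  passwordfield: "pass",
  username: "alice",
  password: "constructed-sample-password",
};

// Full hostname equality only: no suffix or substring comparison, so
// "accounts.example.com.evil.test" or "example.com" never match.
function sameDomain(loginDomain, pageHost) {
  return loginDomain.toLowerCase() === pageHost.toLowerCase();
}

// Hidden fields (type=hidden or otherwise not visible) are never filled.
function isFillable(input) {
  return input.type !== "hidden" && !input.hidden;
}

// Primary strategy: the stored name hints. Fallback: discover the first
// password-typed input and take the nearest preceding text/email input as
// the username candidate (a stand-in for the Camino-style discovery).
function findFields(inputs, login) {
  let userField = inputs.find(i => i.name === login.usernamefield) || null;
  let passField = inputs.find(i => i.name === login.passwordfield) || null;
  let method = "hints";
  if (!passField) {
    const idx = inputs.findIndex(i => i.type === "password");
    if (idx === -1) return null;
    passField = inputs[idx];
    if (!userField) {
      userField = inputs.slice(0, idx).reverse()
        .find(i => i.type === "text" || i.type === "email") || null;
    }
    method = "discovery";
  }
  return { userField, passField, method };
}

// Decide what (if anything) to fill on a page served from pageHost.
function planFill(pageHost, inputs, login) {
  if (!sameDomain(login.domain, pageHost)) {
    return { filled: false, reason: "domain-mismatch" };
  }
  const found = findFields(inputs, login);
  if (!found) return { filled: false, reason: "no-password-field" };
  if (!isFillable(found.passField)) {
    return { filled: false, reason: "hidden-password-field" };
  }
  const fills = [{ field: found.passField.name, value: login.password }];
  if (found.userField && isFillable(found.userField)) {
    fills.unshift({ field: found.userField.name, value: login.username });
  }
  return { filled: true, method: found.method, fills };
}

// Constructed forms: the original page, a redesign that renamed both
// fields, and a page whose password input is hidden.
const originalForm = [{ name: "user", type: "text" }, { name: "pass", type: "password" }];
const redesignedForm = [{ name: "email", type: "email" }, { name: "pw", type: "password" }];
const hiddenPassForm = [{ name: "user", type: "text" }, { name: "pass", type: "password", hidden: true }];

console.log(planFill("accounts.example.com", originalForm, savedLogin));
console.log(planFill("accounts.example.com", redesignedForm, savedLogin));
console.log(planFill("accounts.example.com.evil.test", originalForm, savedLogin));
console.log(planFill("accounts.example.com", hiddenPassForm, savedLogin));
```

Running the file prints one decision per form: the original form fills via the hints, the redesigned form fills via discovery (so the login is not "forgotten"), the lookalike host and the hidden password field are both refused. A real implementation would also have to reject fields hidden by CSS, which a plain <code>hidden</code> flag only approximates.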

Latest revision as of 20:10, 18 June 2020

Password manager key icon

The Toolkit password manager is responsible for remembering usernames and passwords (a.k.a. logins) on sites and allowing the user to autofill or autocomplete them upon returning to the website.

Priority Bugs

(Not including about:logins bugs)

P1

{| class="wikitable"
! ID !! Summary !! Severity !! Assigned to !! Keywords !! Whiteboard
|-
| 1811142 || replace promiseFormsProcessedInSameProcess() with nextFillFormAsync() || N/A || Johannes || || [fxcm-test-debt]
|-
| 1804369 || Move Relay related CSS into it's own file || N/A || || ||
|}

2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);


P2

{| class="wikitable"
! ID !! Summary !! Severity !! Assigned to !! Keywords !! Whiteboard
|-
| 1953351 || [contextual-password-manager] Password visibility state not reset when closing Edit Form || S2 || Dimi Lee [:dimi] || || [fxcm-cpm-qa2790]
|-
| 1772842 || Primary password popup stuck || S3 || Dimi Lee [:dimi] || ||
|-
| 1768856 || Firefox prompts two master password dialogs during startup || S3 || Dimi Lee [:dimi] || ||
|-
| 1768623 || Make browser_autofill_http.js test saved login with https || N/A || Dimi Lee [:dimi] || ||
|-
| 1750193 || When a username was already selected, gecko does not provide login options for other usernames. || N/A || Dimi Lee [:dimi] || ||
|-
| 1699992 || after putting master password to access logins/passwords and reopening ff, new reg form cannot autogenerate password || S3 || Dimi Lee [:dimi] || ||
|-
| 1691733 || [gap.com][V2 Doorhanger] The dropdown's first username candidate is lost if a another one is selected || S3 || Dimi Lee [:dimi] || ||
|-
| 1613059 || Generate (Password) new-password does not work after Master Password is dismissed || S3 || || ||
|-
| 1616935 || Login context menu items don't work if there is a shadow root between the focused <input> and the root element || S3 || || ||
|-
| 1622295 || "Show Password" toggle is not functional after editing password 2 times || S3 || || || [passwords:capture-UI]
|-
| 1622483 || When writing passwords in password textboxes the writing and scrolling get slow, and if password written slow it could not finish completely wrote 'cause characters are selected and overwritten. || S3 || || || [passwords:fill-ui]
|-
| 1623256 || Page steals focus from doorhanger while editing details of a newly saved password || S3 || || privacy || [passwords:capture-UI]
|-
| 1624255 || about:logins asks for my Windows password but not my PIN or fingerprint || S3 || || || [passwords:os-reauthentication]
|-
| 1629912 || [false negative] Password generation is not offered for the Register password fields on twitter.com || S3 || || || [passwords:generation]
|-
| 1629920 || [False Negative] Password generation is not offered for the password field on facebook.com change form || S3 || || || [passwords:generation]
|-
| 1633383 || Dismissed doorhanger is not displayed after editing the saved username for a generated password || S3 || || ||
|-
| 1633837 || [False Negative] Password generation is not offered for the New password field on zoom.us registration form || S3 || || || [passwords:generation]
|-
| 1641416 || [Doorhanger V2] Show passwords from all <input>s in the doorhanger || N/A || || ||
|-
| 1641942 || Form history suggestion dropdown now appears upon focus of username fields without saved logins || S3 || || regression ||
|-
| 1652724 || [V2 Doorhanger] List of suggested usernames is shown for a split second upon clicking on the New-Password field || S4 || || ||
|-
| 1653547 || Username fields get empty login autocomplete rather than form history if another subdomain has a saved login || S3 || || regression ||
|-
| 1655165 || Make sure all NewPasswordModel.jsm rules work fully with ShadowDOM || S3 || || || [passwords:generation]
|-
| 1655505 || [V2 Doorhanger] Request accessibility review of feature || S3 || || ||
|-
| 1658056 || [Doorhanger V2] 'enter' key on doorhanger suggestion closes the doorhanger || S3 || || access ||
|-
| 1659224 || Ensure formLike.elements correctly lists all HTMLInputElement and HTMLSelectElement descendants of formLike.rootElement, even if they are inside ShadowRoots || S2 || || ||
|-
| 1668902 || Investigate re-enabling passwordmgr mochitest-plain suite under GeckoView. || S3 || || ||
|-
| 1679564 || autofill should dispatch change event AFTER JavaScript has finished executing || S3 || || ||
|-
| 1690996 || [Dismissed Doorhanger] Grey key is displayed upon switching between saved credentials via the autocomplete dropdown || S3 || || regression ||
|-
| 973759 || Primary password should be protected with stronger cryptography || S3 || || sec-want || [passwords:master-password], [passwords:primary-password][fxcm-primary-password]
|-
| 1952471 || passkey.garden - Passkey autofill pop-up does not appear when selecting "Account ID" field || S2 || || webcompat:site-report || [webcompat-source:web-bugs]
|-
| 1708368 || Firefox hangs if Overflow menu is closed from the button while Import your login is displayed || S3 || || regression ||
|-
| 1714399 || Add more detailed telemetry for improved password generation experience || N/A || || ||
|-
| 1715736 || New generated password for a site opened in container tab is not auto-saved if it previously had a password generated and auto-saved in any kind of tab || S3 || || ||
|-
| 1722552 || need better wording for the "Autofill logins and passwords" preference checkbox || N/A || || ||
|-
| 1732399 || Password auto-fill should not fill in passwords to sites with invalid certificates || S3 || || sec-want || [fxcm-primary-password]
|-
| 1852987 || Replace scenarioName with scenarios in "FormAutofill:GetRecords" and "FormHistory:AutoCompleteSearchAsync" messages || N/A || || || [fxcm-debt]
|-
| 1751764 || "Generate random alias" autocomplete item for username on password registration forms || N/A || || ||
|-
| 1751766 || API to determine URL to sign-in, change password or register || N/A || || ||
|-
| 1848770 || Fixing performance in sign up form detection || S3 || || regression || [fxcm-debt]
|-
| 1761039 || deutsche-bank.de user login not correctly saved || S3 || || ||
|-
| 1764265 || Password is not updated when changing password in facebook || S3 || || ||
|-
| 1765990 || Test userHasInteracted & userInteractionCount || N/A || || ||
|-
| 1844660 || False positive sign up form detection on voip.ms || S3 || || || [fxcm-relay]
|-
| 1198363 || Password manager doesn't generate events for filling that web content expects || S3 || || || [passwords:fill-ui] [platform-rel-Facebook]
|-
| 1769095 || Constant popup requesting primary password || S3 || || ||
|-
| 1018667 || Import Safari logins/passwords (from macOS Keychain) || N/A || || || [fxgrowth] [fxprivacy] [passwords:import]
|-
| 1773416 || Create a module to share code between Form Autofill and Password Manager || N/A || || ||
|-
| 1844658 || False positive sign up form detection on onlinebanking.b2bbank.com || S3 || || || [fxcm-relay]
|-
| 1783488 || The "Card number" user input box does not display the password manager list. || S3 || || ||
|-
| 1783706 || Use lastInteractiveInput when saving logins || N/A || || ||
|-
| 1834573 || Migrate the event address.address_form to Glean || N/A || || || [fxcm-telemetry-fog]
|-
| 1793089 || Capturing a password when there is no password and not capturing username when there is a username || S3 || || ||
|-
| 1803653 || Add enterprise policy support to Relay integration || N/A || || || [fxcm-relay]
|-
| 1825999 || saved password displayed as suggestion (SECURITY ISSUE) || S3 || || ||
|-
| 1820101 || Consistency in references to the password manager/logins/passwords || N/A || || || [fxcm-productive-ux]
|-
| 1815674 || No login autofill on Boulanger.com || S3 || || france, parity-chrome ||
|-
| 1818133 || Update used_on field when reusing Firefox Relay mask || S3 || || || [fxcm-relay-p1]
|-
| 1808548 || on mac or windows, firefow doesn't show alerts about password or breached website, but it does on iOS || S3 || Sergey Galich [:serg] || ||
|-
| 1808302 || After focusing an email field, I have to click it again to get the Relay suggestion to show up || S3 || Sergey Galich [:serg] || ||
|-
| 1786712 || password generator did not produce new password || S3 || Sergey Galich [:serg] || ||
|-
| 1843352 || The email field opt-in can show up to Firefox users that are not signed in || S2 || Sergey Galich [:serg] || || [fxcm-relay]
|-
| 1782943 || The google login page saves the wrong password if the user introduces a wrong than right password || S3 || Sergey Galich [:serg] || regression ||
|-
| 1540727 || When a second set of credentials is saved by logging into google, the first's set's password is saved || S2 || Sergey Galich [:serg] || regression ||
|-
| 1756501 || Extend Services.logins.countLogins to filter by schemeless site || S3 || Sergey Galich [:serg] || ||
|-
| 1548771 || Password Manager detects and saves the password with a blank username for alipay.com || S3 || Sergey Galich [:serg] || ||
|-
| 1555209 || Use data from the autocomplete result in the parent to fill the correct password in content || S3 || Sergey Galich [:serg] || || [passwords:tech-debt] [passwords:fill-ui]
|-
| 1600397 || Firefox prompts twice to save a password: once with the password and once with the munged client-side hash/encrypted value || S2 || Sergey Galich [:serg] || regression, webcompat:platform-bug || [passwords:capture-UI]
|-
| 1954470 || [contextual-password-manager] "Passwords Imported" message displayed for invalid csv || S2 || tmanku || || [fxcm-cpm-qa2790]
|}

68 Total; 68 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Site Compatibility

{| class="wikitable"
! ID !! Summary !! Priority !! Severity !! Assigned to !! Keywords !! Whiteboard
|-
| 1691733 || [gap.com][V2 Doorhanger] The dropdown's first username candidate is lost if a another one is selected || P2 || S3 || Dimi Lee [:dimi] || ||
|-
| 1629912 || [false negative] Password generation is not offered for the Register password fields on twitter.com || P2 || S3 || || || [passwords:generation]
|-
| 1629920 || [False Negative] Password generation is not offered for the password field on facebook.com change form || P2 || S3 || || || [passwords:generation]
|-
| 1633837 || [False Negative] Password generation is not offered for the New password field on zoom.us registration form || P2 || S3 || || || [passwords:generation]
|-
| 1761039 || deutsche-bank.de user login not correctly saved || P2 || S3 || || ||
|-
| 1764265 || Password is not updated when changing password in facebook || P2 || S3 || || ||
|-
| 1765990 || Test userHasInteracted & userInteractionCount || P2 || N/A || || ||
|-
| 1815674 || No login autofill on Boulanger.com || P2 || S3 || || france, parity-chrome ||
|-
| 1844658 || False positive sign up form detection on onlinebanking.b2bbank.com || P2 || S3 || || || [fxcm-relay]
|-
| 1844660 || False positive sign up form detection on voip.ms || P2 || S3 || || || [fxcm-relay]
|-
| 1952471 || passkey.garden - Passkey autofill pop-up does not appear when selecting "Account ID" field || P2 || S2 || || webcompat:site-report || [webcompat-source:web-bugs]
|-
| 1540727 || When a second set of credentials is saved by logging into google, the first's set's password is saved || P2 || S2 || Sergey Galich [:serg] || regression ||
|-
| 1548771 || Password Manager detects and saves the password with a blank username for alipay.com || P2 || S3 || Sergey Galich [:serg] || ||
|}

13 Total; 13 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Architecture

PasswordManagerRelationships.svg

PasswordManagerAutocomplete.svg

See Also

Firefox:Password_Manager:UI