Mozilla Firefox - showing passwords

19 Oct 2006 - 4:32am
7 years ago
7 replies
6587 reads
stauciuc
2006

Hi, all

There was something on my mind for a while and now I decided to ask: Has
anyone any idea what in the world determined the makers of Firefox to
display all stored passwords on a user's computer just at 3-4 clicks away?
To me, it makes the feature of storing passwords almost useless.
I like to have things as simple as possible, so I generally choose to stay
'logged in' and have passwords remembered and things like that. But to
realize that I could walk out the room for two minutes to go to the bathroom
and in those two minutes I could have my identity stolen with just 3 clicks
and one copy-paste... Now that's frightening!
So it's official: starting today, I will never store passwords again!

...You would think a password will always stay hidden, because that's how
you enter it...But it seems that it won't...

Sebi

--
Sergiu Sebastian Tauciuc
http://www.sergiutauciuc.ro/en/

Comments

19 Oct 2006 - 8:14am
DrWex
2006

I suppose the question is what use cases you have in mind. To get a
password into this list the user must explicitly tell Firefox to
remember it. The default is not to remember it.

Once a password is remembered, it is possible to display that password
with five clicks and answering another "are you sure" type pop-up
where, again, the default is "no."

Given that, I think use cases involving accidental disclosure are
unlikely. So that leaves two use cases (or threat models if you
prefer). One of those involves some kind of remote attack, in which
the browser is tricked into revealing these saved passwords.
Certainly possible, but not really a UI/usability issue, is it?

The other is one in which a person who is not the original storer of
the passwords uses the UI to retrieve them. This person is at the same
keyboard as the victim and probably logged into the PC with the same
ID. (I don't know for a fact if Firefox stores passwords separately
for each login user, but it would be sensible if it did so).

So now we have someone who has access to your PC and is able to log in
as you. It seems to me that finding your passwords in Firefox is
really a trivial concern compared to the other risks in this scenario.

Let's look at the flip side, which is to say briefly delve into the
usability of passwords as security tokens. Frankly, they suck. You
have to use them all over the place, there's no easy way to remember
or correlate passwords with places they're used, different sites
impose different restrictions on what passwords may be used, etc.

The result is that people do things that are pro-usability but
anti-security, like reusing passwords, picking easy-to-guess
passwords, and writing passwords down in publicly visible places. Now
imagine you want to design a feature that improves the usability of
passwords, without requiring hundreds or thousands of Web sites to all
agree on something like single-signon (Microsoft Wallet anyone?).

My guess is that you'd design a feature much like what Firefox has.
That said, your vow never to store passwords again is a great one.
Good luck with that.

Best,
--Alan

On 10/19/06, Sebi Tauciuc <stauciuc at gmail.com> wrote:
> Has
> anyone any idea what in the world determined the makers of Firefox to
> display all stored passwords on a user's computer just at 3-4 clicks away?

19 Oct 2006 - 8:31am
Håkan Reis
2006

To be fair, this can be secured in the upcoming Firefox 2; it may even
be the case for previous versions. You are able to set a master
password (which you have to enter when you try
to use one of the stored passwords).

Having set this master password, you are asked for it if you try to
reveal the passwords in the options dialog.

However, this behaviour should be required by default, not the other way around.

----
Håkan Reis
Dotway
http://blog.reis.se

19 Oct 2006 - 2:55pm
stauciuc
2006

On 10/19/06, Alan Wexelblat <awexelblat at gmail.com> wrote:
>
> I suppose the question is what use cases you have in mind. To get a
> password into this list the user must explicitly tell Firefox to
> remember it. The default is not to remember it.
>
> Once a password is remembered, it is possible to display that password
> with five clicks and answering another "are you sure" type pop-up
> where, again, the default is "no."
>
> Given that, I think use cases involving accidental disclosure are
> unlikely. So that leaves two use cases (or threat models if you
> prefer). One of those involves some kind of remote attack, in which
> the browser is tricked into revealing these saved passwords.
> Certainly possible, but not really a UI/usability issue, is it?
>
> The other is one in which a person who is not the original storer of
> the passwords uses the UI to retrieve them. This person is at the same
> keyboard as the victim and probably logged into the PC with the same
> ID. (I don't know for a fact if Firefox stores passwords separately
> for each login user, but it would be sensible if it did so).
>

Yes, this is the one.
I guess it is a problem of perception then. When Firefox asks me "Do you
want me to remember the password for this site?", I imagine that it means
"..so that I can auto-fill whenever it is needed and that is all", and not
"so I can display it to you when you need it". Even on my own computer, even
logged into my account, I am not comfortable with my password being displayed
in text mode, even 5 clicks away and even with the confirmation message
(which I find pointless, by the way).

> So now we have someone who has access to your PC and is able to log in
> as you. It seems to me that finding your passwords in Firefox is
> really a trivial concern compared to the other risks in this scenario.

Yet I can't help seeing it as a serious risk. It's not probable, but it's
possible, isn't it? I may have people invited at my house and the computer
on playing music. I may be at work, going for a cup of tea. Or I might have
my laptop stolen (and no password to my account, for the sake of easy use,
of course). It just takes one person with the "right" intentions at the right
place at the right time. And I could be seriously damaged...
Am I paranoid?

> Let's look at the flip side, which is to say briefly delve into the
> usability of passwords as security tokens. Frankly, they suck. You
> have to use them all over the place, there's no easy way to remember
> or correlate passwords with places they're used, different sites
> impose different restrictions on what passwords may be used, etc.

> The result is that people do things that are pro-usability but
> anti-security, like reusing passwords, picking easy-to-guess
> passwords, and writing passwords down in publicly visible places. Now
> imagine you want to design a feature that improves the usability of
> passwords, without requiring hundreds or thousands of Web sites to all
> agree on something like single-signon (Microsoft Wallet anyone?).

I understand. But isn't it a step too far to make anti-security a standard,
so to say? Feeling secure contributes to user experience too, not only
easiness of use.
..And if I write my password in a file on my computer, at least I can choose
the location. It might not be so trivial for others to find it. But when the
"password place" is known by everyone...

Anyway, the master password Håkan mentioned seems like an important
improvement to me.

> My guess is that you'd design a feature much like what Firefox has.
> That said, your vow never to store passwords again is a great one.
> Good luck with that.
>
> Best,
> --Alan
>
> On 10/19/06, Sebi Tauciuc <stauciuc at gmail.com> wrote:
> > Has
> > anyone any idea what in the world determined the makers of Firefox to
> > display all stored passwords on a user's computer just at 3-4 clicks
> away?
>

--
Sergiu Sebastian Tauciuc
http://www.sergiutauciuc.ro/en/

19 Oct 2006 - 4:12pm
Josh
2006

There is no question that passwords present fairly significant
problems/frustrations to many people, and I have a feeling that, the
benefits of having browsers remember passwords typically outweigh the risks.
I tend to agree that it is a little odd that actual passwords could be
displayed in FF, but the security issue seems to be more one of access to
the computer than of poorly thought out software security design. In my
experience, most password security/identity theft issues are products of
people being careless with their login information (post-it notes attached
to monitors, etc.) or being the victims of outright fraud. Both issues can
be temporarily addressed with better education, at least until someone comes
up with a solution to get us past all of this password/login madness.

On a related note:

When dealing with the Web, it's not just passwords that pose a frustration.
We have to consider that a password is pretty useless without some unique
identifier to go along with it, so some sites use Usernames others use Email
Addresses and every site seems to have its own character limits and
character combinations. This results in each unique login combination having
to be remembered. There have been numerous attempts in the past to help
solve these issues, Microsoft Passport being one of the more well-known
"non-successes".

There is some pretty interesting work being done right now to address some
of the issues dealing with logins, user profile management, and security.
OpenID being one of the more interesting pieces along with Microsoft's
CardSpace.

We have put together some basic resources at
http://identity.eastmedia.com/ for anyone interested in checking out
what is being called "Identity 2.0". There are definitely pretty
interesting issues that could use some interaction design perspective.

- Josh
EastMedia Group

20 Oct 2006 - 3:49pm
Caryn Josephson
2004

Related to the issue of security vs. usability of passwords is the issue of
the 'security question' to help retrieve a lost username/password.

We're faced with a situation where we have a web site with very
secure/private information. Most people access the web site a few times a
year, thus increasing the likelihood that they will forget their password
and need the 'prompt'. We need to come up with some security questions that
are easy to remember the answer to, yet wouldn't be available in the public
domain or by a destructive ex-spouse. Thus, questions like 'mother's maiden
name' and 'city of birth' are easy to find in the public domain. Questions
like 'what city was your honeymoon' or 'childhood best friend' would be
knowable by the ex-spouse. Some of the proposed questions are too
open-ended (e.g. 'Name a favorite actor or actress' - this will most likely
change 9 months from now thus ensuring that the retrieve password request
would fail).

Does anyone have any research or good examples of questions that are both
unambiguous/easy to remember the answer to, yet not easily knowable by
either the public or general (former) family members?

Caryn

-----Original Message-----
From: discuss-bounces at lists.interactiondesigners.com
[mailto:discuss-bounces at lists.interactiondesigners.com] On Behalf Of Alan
Wexelblat
Sent: Thursday, October 19, 2006 8:14 AM
To: Sebi Tauciuc
Cc: ixdadiscuss
Subject: Re: [IxDA Discuss] Mozilla Firefox - showing passwords
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... discuss at ixda.org
List Guidelines ............ http://listguide.ixda.org/
List Help .................. http://listhelp.ixda.org/
(Un)Subscription Options ... http://subscription-options.ixda.org/
Announcements List ......... http://subscribe-announce.ixda.org/
Questions .................. lists at ixda.org
Home ....................... http://ixda.org/
Resource Library ........... http://resources.ixda.org

20 Oct 2006 - 5:21pm
Lorne Trudeau
2006

"Does anyone have any research or good examples of questions that are
both

unambiguous/easy to remember the answer to, yet not easily knowable by

either the public or general (former) family members?"

ING Direct (ingdirect.ca) has a very interesting security layer whereby
the user is asked to enter a custom greeting message and select an icon
from a provided list.

This greeting and icon is displayed whenever they log in. By displaying
this information they achieve two things: first, they address phishing
attacks and second, they remind the user what message and icon they
selected.

They can then use the message and icon to identify the user without a
password.

Lorne

PS. Here is a collection from the Royal Bank of Canada:

* What do I call my mother's parents (use 'and' w/ no spaces)?

* What was my high school physics teacher's last name?

* What is my computer call sign (last word only)?

* What was my first pet's name?

* My kindergarten teacher's name?

* Where was my first job?

* Who was the best man at my wedding?

* Who was the maid of honor at my wedding?

* Name of city where my father was born?

* What was the make of my first car?

* Who was my best friend on the first day of school?

* Street name of the first place I lived after being born?

And their instructions/guidelines for questions:

"We do not recommend questions with answers that can be found in your
wallet, purse or at the desk by your computer. Questions like what is
my address, date of birth, height etc. can be easily found on
identification items, such as your driver's licence.

Other questions, like mother's maiden name, are commonly overused, and as
such can be determined by many individuals with access to your family
records. Any question that is in the public domain of knowledge or
questions that do not have an answer unique to your situation should be
avoided.

To avoid input errors we suggest you refrain from using questions that
require a date answer, unless you remember the format you used to enter
the answer. (YY-MM-DD etc.).

Questions should be easy enough for you to remember but personal so they
can not be answered by someone else."

20 Oct 2006 - 7:02pm
cfmdesigns
2004

>From: Caryn Josephson <cbz at skypoint.com>
>
>Does anyone have any research or good examples of questions that are both
>unambiguous/easy to remember the answer to, yet not easily knowable by
>either the public or general (former) family members?

Let's see: easily remembered by the individual but not likely to be known by family and friends? Social security number!

Oh, wait, we're not allowed to use that, are we? (He says, a bit annoyed that every second credit card company or bank or whatever wants me to give them that number for ID despite dire messaging everywhere that we should never use it for such.)

How about "Who is the first person you ever had sex with?" That's a question neither family nor friends are apt to know (unless it's them; "eww" if that's family rather than spouse or friend), but which everyone will remember for themselves.

-- Jim Drew
Seattle, WA
