As soon as I hit "send", I realized my message was very negative and not
as constructive as I wanted it to be.
I think any exploration into making password managers better is a step
in the right direction, those explorations can be used to iterate and
improve authentication not only for the web, but for all apps that
require authentication.
I deeply believe a Firefox-only password manager is a partial solution.
If we were able to take the Firefox password manger, detach it from
Firefox, and turn it into a standalone app that has deep OS level
integration, that would be significantly more useful for a significant
portion of the online population. The standalone Firefox-based password
manager could still use Gecko as the runtime, and use the Web as the
platform (as our signs all around say), but it would be accessible
outside of Firefox, to any standalone app. This is what I see as the ideal.
Shane
On 16/10/2014 11:47, Shane Tomlinson wrote:
Hi Mark, I'm really down on browser-only password managers. A
browser-only password manager is of limited use if it cannot be used to
by standalone apps on mobile devices. Like ckarlof said in the
referenced bug, password managers are useful when they can be used
*everywhere* the users go. On mobile devices, the browser is only one
app of many where users must authenticate.
A solution that has deep OS level integration and can be accessed in any
app is the ideal, otherwise the password manager is a partial solution
that causes frustration can end in bad password practices by the user.
For example, If I introduce my wife to the (theoretical) Firefox
password manager that makes it easy for her to sign up to a site with a
super strong password but fails to provide her with a mechanism to sign
into that site's standalone app, she's not going to be very happy with
either Firefox or me and is going to change her password to some easy to
remember, easy to type 8 character word she probably uses on another 20
sites.
If our solution had deep OS level integration and is usable by any app,
like Keychain or Lastpass, then yes, that's awesome and you can ignore
me. Otherwise, meh.
Shane
On 16/10/2014 04:00, Mark Finkle wrote:
I'm not suggesting you stop with the prototype, but I am pushing Mozilla
to add this kind of feature to Firefox itself, and allow all websites to
have access to stronger password generation, saved to Firefox's password
manager and sync'd across devices. We are already behind:
http://www.computerworld.com/article/2602955/security0/google-updates-chromes-built-in-password-maker.html
http://9to5mac.files.wordpress.com/2013/10/screen-shot-2013-10-24-at-7-51-45-pm.png?w=704
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
