+passwords-dev On Fri, Jan 23, 2015 at 2:41 PM, Christopher Karlof <[email protected]> wrote:
> +dev-fxaccts > > On Thu, Jan 22, 2015 at 4:01 PM, Francois Marier <[email protected]> > wrote: > >> Hey Chris, >> >> Bram and I have continued to discuss the things he presented in Portland >> around user profiles. One interesting (and somewhat independent) piece >> of his proposal is password-protecting user profiles (i.e. encrypting >> them with a password-derived key). >> >> This potentially has ties to FxA, but it also makes the existing "master >> password" feature in the password manager somewhat unnecessary. >> >> > *shrug* As is, master password sucks. One dangerous thing with encrypting > your local profile with a password derived key is that if you forget your > password, you lose *all* your data. > > Alternatively, you might consider using kA to encrypt the local profile. > In that case, as long as you can at least reset your password (via email > challenge), you can recover your local data. > > So I was wondering: what are the plans with respect to master passwords >> in the new improved password manager? Also, is the master password still >> interfering with Sync+FxA or has that been fixed already? >> >> > The bug between master password and FxA+Sync has been resolved. > > Our plans to improve the master password are still nebulous, but I like > the kA approach personally, even if it just applies to the password > database. > > -chirs > > >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
