Help wanted to test new password manager backend

[bryner]

Hi all,

I'm looking to get some more widespread testing of a new Password Manager backend I've been working on for Firebird. I've made experimental builds available with the new backend:

http://ftp.mozilla.org/pub/firebird/nig ... erimental/

Before you download these builds, please note: there is a definite potential for your saved passwords to be lost when using this build. You should back up your stored passwords before running the experimental build. The stored password file has a random name, but you can identify it by the ".s" extension (it is located in your profile directory).

One important functional change is that the encrypting vs. obscuring preference has been removed. Passwords are now always stored encrypted. If you have a master password set, you will be prompted for it the first time a password needs to be stored or prefilled.

I'd really like to hear about any issues anyone finds with the new implementation. In particular, I'd like to make sure that everyone's pre-existing saved passwords are read in correctly, and that there aren't any sites where the prefill works incorrectly.

Please DO NOT report bugs on the new password manager in Bugzilla (that would create confusion at this point). Instead, post them as replies to this thread.

Thanks!

[DamianMoran]

Dl'ing, but one quick Q, it is possible to set Master Password without using old prefs panel?

EDIT: Using now, are there any steps you would like tested?

[Steffen]

Dl'ing, but one quick Q, it is possible to set Master Password without using old prefs panel?

It asks you the first time you let FB remember a new password. Just making up a new one

[DamianMoran]

Dl'ing, but one quick Q, it is possible to set Master Password without using old prefs panel?

It asks you the first time you let FB remember a new password. Just making up a new one

I thought that was per site PW, not Master.

[Steffen]

Browse to a site where no ID and PW is stored. Enter that. Click Yes, store these. Then it asks for a master pw.

[DamianMoran]

Weird. Went to login to mail.yahoo.com (not stored or cookied) and it didn't even ask me to save password.

[alanjstr]

Weird. Went to login to mail.yahoo.com (not stored or cookied) and it didn't even ask me to save password.

Yahoo never gets stored for me in the first place. They prob have it disabled somehow.

[Steffen]

FB remembered all my saved passwords. It let me choose a master pw the first time I saved a new pw. Clearing saved passwords works. I restarted FB and readded my passwords.

After every single start of FB, the first time the pw manager is used, for example browsing to a site where you need to login and have your pw saved, it asks for the master pw.

One Problem: On https://www.polypol.com/ I can login and logout. After logout, 22 asterisks are displayed in the password field in the login form. This is odd because my pw for that site is only 6 characters long. Only my id has got 22 characters! I cannot login with this false pw. This false pw is stored!! If I correct the pw at the second login, the correct pw is saved and 6 asterisks are displayed from that on before and after logout.

[Steffen]

The problem with the 22 char pw also appears in bugzilla!
In both cases, my ID is an email address.
Again, only a first-time problem.

[DamianMoran]

I see, alright "it always has" the problem is (as I see it) what specific tests are we meant to perform to test this build?

[Steffen]

Damian, just test everything you can think of related to passwords!


Another problem: My dictionary bookmarklet (found on the bottom left of the linked page) doesn't work anymore.

Usually I highlight a word and click on it and it opens the translation in a new page. If I didn't highlight something, a messagebox pops up and let me enter a word.

But now it first asks for the master password! Then the messagebox pops up even if I've got something highlighted. Then, it is prefilled with one of my IDs. There is also a checkbox "Use Password Manager to remember this value". And the worst: clicking OK leads to nothing. The messagebox closes but the translation page does not open.

[Goldzilla]

Weird. Went to login to mail.yahoo.com (not stored or cookied) and it didn't even ask me to save password.

There's a sample webpage on the net somewhere that shows you how to autologin into Yahoo Email but you have to store your username and password into a webpage in cleartext. Though this should be okay on a secure machine with an expendable account. Instructions are in the proxomitron yahoo group.

The Yahoo email stuff is just a form and you only have to post some information to it.

[shadytrees]

BTW, any other important new features we should know about (translation: give us the scoop, man)?

[tseelee]

Yahoo never gets stored for me in the first place. They prob have it disabled somehow.

Yes, I once looked at the HTML and saw something near the beginning (in the <head> or <body> tag I think) that said something along the lines of "autofill=false."

[Steffen]

BTW, any other important new features we should know about (translation: give us the scoop, man)?

Bookmarklets aren't Mozilla-specific. They're just bookmarks containing javascript code. Another, more simple one is this:

Code: Select all

javascript:window.open('http://validator.w3.org/check?uri='+location);void%200

Create a bookmark in your bookmarks toolbar, right-click, select Properties and paste this code into the location line. When you click on it, it validates the current page in a new tab/window. Very handy.


But what's new about the password manager is the new master password. You've got to enter it the first time. It has a password strength indication. Make it not too short and include numbers and special characters to get it strong.

The master password question is asked a second time if you click cancel. Don't know if this is intended.
It's case sensitive and doesn't like if you enter more characters than your master pw is long. Just what you expect.