Hi,

I don't know much about those services but I thought we wanted to integrate 
Firefox Persona and Accounts in Firefox OS. Do those services provide the 
equivalent "password manager" service in the end ? (in the cloud) 

latest status I found is here : 
https://wiki.mozilla.org/Identity/Department_Status/2013-11-22


Natalia Martinez-Winter

----- Original Message -----
From: "Alive" <al...@mozilla.com>
To: "dev-webapi" <dev-web...@lists.mozilla.org>, dev-b2g@lists.mozilla.org, 
"dev-gaia" <dev-g...@lists.mozilla.org>
Cc: "Paul Theriault" <ptheria...@mozilla.com>
Sent: Thursday, 5 December, 2013 4:20:24 PM
Subject: Proposal: PasswordManager on FxOS

Hi folks,

I'd like to have a password manager inside our operating system to store and 
manage passwords you'd typed in the FxOS.

This is an old item in my mind beyond FxOS v1.0 when I sadly found our phone 
crashed when we visited mozilla phonebook.
(It had been fixed long time ago so we support HTTP authentication well now.)

Again, think about this case:
EVERY time you visit https://phonebook.mozilla.org/, you need to retype the 
password :)
Other than the case, there're tons of pages on the web having a password field.

Today I discussed with Paul, from security team, and be glad to know he also 
loves this idea.
And what's not good is, it sounds like we are still far away from the password 
manager.

1A. We need a stronger password for lock code. It'd be used for the key for all 
your passwords. (from Paul)
1B. We need to change the way storing lock code. No settings.
2. We need some way to encrypt.
3A. We need to store the password somewhere safely.
3B. We need API to store the password. This API shall be only used by gaia 
system app IMHO?

Item (1A) Is a pure gaia work but some of my concern now are:
* Need UX (Hello UX ww!)
* We'd love to have a standalone lockscreen app,
  and I wonder a standalone app would break the security, though this is not in 
our case.
Item (2) and (3) I'm afraid I need gecko-er's chime in here.

The password storing on desktop browser is noticed by the world due to Chrome 
browser just put the plain password and you could easily see it in the setting.
IMO we won't want the plain password….?, and "encrypt" in gecko now is in a 
little ambiguous state: Which way and how to do?
I'm still very young to this area so I don't have exact idea what we shall do ;)

I believe this post is just a small step to reach what we finally want to have,
so I am appreciated if anyone stands up to push this or states any of your 
opinion!

Thanks for reading :)
Alive
--
Alive C. Kuo, Front-end Engineer, FirefoxOS, MoCo. Taiwan, Taipei office.
al...@mozilla.com




_______________________________________________
dev-gaia mailing list
dev-g...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-gaia
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g

Reply via email to