On Dec 10, 2013, at 6:58 PM, Frederik Braun wrote: > On 09.12.2013 16:59, Fabrice Desré wrote: >> On 12/09/2013 01:44 AM, Jan Jongboom wrote: >>> I don't really know what I want. Just the stuff that we have in FF for >>> Android? Are those extensions or user scripts? >> >> FF for Android has old style extensions. We'll never have them on b2g. >> But I'd like to understand what a lastpass extension needs. > > A WebActivity that returns a text for a given input tag name + form URL?
I don't think Web Activities are appropriate here - apart from the awkward UX, it wouldn't be possible for the password manager app to know that the requesting app wasn't being malicious. (or I can't think of how it would do this, maybe others can). One approach I was pondering was creating a keyboard app that remembered your passwords. It's not as seamless, as the user would need to tap a password field prior to the password being populated. But maybe it is currently possible without any additional APIs ? (Just a half-baked idea really) This of course doesn't solve any of the requirements listed in the first email around protecting passwords in storage. Note my comments around a stronger login password are only relevant if you plan on using a key derived from the user's passcode to encrypt passwords at rest. There probably are other alternatives (like encouraging the user to set a "Password Manager Password" on first use etc). - Paul _______________________________________________ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g