On Tue, Oct 21, 2014 at 8:28 PM, Doug Turner <do...@mozilla.com> wrote:
>>
>> I doubt that's what roc was suggesting. But it's hard to say more without
>> more details on the said overall strategy.
>>
>
> I think this is an interesting idea and we should look into how much effort
> it is to add support for this USB security key.
>
> And, I think we can go a long way in fixing the password problem without
> having to depend on custom hardware. I'd like to see us invest in
> fixing/improving our built-in password manager and autofill in Firefox. Many
> 3rd party password managers have made huge strides in reducing the friction
> of creating unique high-entropy passwords without relying on custom
> hardware. I use such a product and it is a game changer -- I don't know any
> of my passwords but the master password.
>
> So maybe before we write code to support a new token, we figure out what the
> Firefox plan around password management is?

The spec here could help a lot with improving the password/login situation.

http://mikewest.github.io/credentialmanagement/spec/

It does a few things as currently drafted. One of which is to allow websites to more explicitly interact with our password manager. It currently only covers the case of getting a username+password to log the user in, but the plan is to extend it to also cover the case of generating a password to use for the website. With that we could create very good integration with password managers like 1Password.

Another thing it does is to help with federated ID providers such as Facebook and Firefox Accounts.

What's really good about the spec though is that it solves the chicken-and-egg problem that we've struggled with for a while. It enables websites to do exactly what they are doing today but slowly take advantage of features from the spec at whatever pace they see fit. It also doesn't require federated ID providers to make any changes in order to work with the API.

The spec also provides a good first step towards getting the browser more involved in the login flow. This could make it easier for us to do things like add hardware tokens in the future.

/ Jonas
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform