On Jan 13, 2014, at 5:00 AM, Mark Hammond <[email protected]> wrote:
> I've opened a bug to discuss what we should do when a user logs into one
> Firefox Account, successfully syncs, then logs into a different Firefox
> account. There are a number of complications in this scenario; as
> rnewman puts it: "Failure mode: my passwords end up in my friend's
> password manager". Clearly this would be bad.
>

I hope the flow in question is actually:

1) Log in to FxA as user 1
2) Sync
3) Disconnect FxA for user 1
4) Log in to FxA as user 2

It should be impossible to log in from UI as FxA user 2 while FxA user 1 still has her account connected to Firefox.

-chris

> The bug is https://bugzilla.mozilla.org/show_bug.cgi?id=958927. I've
> copied a comment from this bug below to whet your appetite for some of
> the issues we face. In the 29 timeframe, I'm not sure we can do better
> than simply refuse to sync with a different FxA account, but I invite
> everyone with any thoughts on this to contribute in the bug.
>
> An excerpt from a comment from rnewman in that bug:
> """
> But wrt the broader point: this has been an under-designed area of original
> Sync, too. And I've seen pained user reports of data merging in Chrome.
>
> The issue is that when a user starts thinking in terms of "signing in",
> rather than "setting up Sync", their expectations about data going away and
> coming back change. E.g.,
>
> * Should you wipe this profile when you sign out? When you sign in?
> * If not, should you merge the contents, or prompt differently if this
> is the second account you sign in to? Failure mode: my passwords end up in my
> friend's password manager.
> * What happens if a first sync isn't finished when I sign out? Is that a
> problem? (With the Sync codebase it certainly is from a protocol standpoint,
> but it's a different kind of problem if you're about to wipe the profile!)
>
> In Sync we avoided this by not strongly phrasing things in terms of
> signing in to an account -- e.g., "unlinking" rather than "signing out".
>
> The solution in terms of Accounts is probably SITB with profile
> switching (Bug 749195).
> """
>
> Mark
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev

