Firefox Credential Management team is excited to hear your thoughts and opinions. Let's talk about Password Generation.
Do you use this feature? What stops you from using it? Do you need more control over the password generator, like the ability to specify password length or which characters it must have? Would you like to have an option to generate a passphrase - a few word sequence that you can remember?
We will be checking this thread for the next two weeks to gather your thoughts!
Password generation is one of the most important things to consider in a password manager. Having control over it would improve the experience because:
Having the option to generate a passphrase is a nice addition which is not seen in other browsers. But it would be kinda tricky to make it unique across users because I would see people picking the same thing. It would need to be truly random across users. Maybe with a nice randomized pop-up selection and a very big dictionary?
And please, I know that this is a bit off-topic, but could you add Two-Factor Authentication? It would be a feature that is only found on a couple of paid password managers and would definitely bring users to Firefox, as well as making it compatible with other browsers and securing accounts more easily.
Thanks for all the work you do!
Hi @Pedro, thank you for sharing your thoughts!
We definitely like the idea to give users more control over what passwords they can generate. At the same time we should set the minimum bar to be secure enough, because we can not expect every user to be an expert in cryptography.
Passphrases can be helpful for things that user must remember, for example Primary Password. But if we do them, it will be as random as a character based password.
I like 2FA suggestion, even if it's a bit off-topic 🙂 Someone already helped us and filed a bug for that.
What do you think about how many controls we should give? Single slider of password length or precise controls over how many letters/digits/special symbols must be generated?
It would be nice to have two sliders, one for length and one for complexity (that would slide between letters, letters + digits, letters+digits+specialsymbols). That way, you have almost all the options covered without it being too complicated for regular users. Just my two cents 🙂
Hey! I use the built-in password manager, but there's a couple things that would make this a lot better:
1. Way to keep track of accounts that I use and which SSO logins provider I used. For example, if I log in to a website, it will remember that I use the `Sign in with Github` button or something. This makes it easier to avoid creating duplicate accounts if I select the wrong login provider. (personal impact: low)
2. Way to keep secrets. For example, some accounts have a recovery key that must be saved somewhere. A way to store it in the password manager would be helpful. (personal impact: med)
3. Customizing password generation characteristics to appease password requirements like what@Pedro said (personal impact: med)
4. 2FA built into the password manager like what@Pedro said (personal impact: med/high)
5. ECOSYSTEM - This might be off topic, but better integration across FF products would be great:
- Firefox Relay - flag that I have certain accounts saved in password manager. This would help prevent ppl from deleting aliases with accounts still attached to it. (personal impact: low)
- Firefox Monitor - an option to monitor all Firefox relay aliases without me having to manually copy paste in my Firefox relay aliases (personal impact: low)
Hey@gliu20 , thank you for your feedback!
1. This is an interesting idea, let me file a bug so it will not be forgotten.
3. How much customization do you think will be good enough? I'm trying to find balance between expert user vs regular user.
4. I think that can fit nicely in your point #2 - ability to add more secrets.
5. Let me talk to Firefox Relay team, see what they feel and think about it.
Here is the link to the bug https://bugzilla.mozilla.org/show_bug.cgi?id=1761773. At this point it's not crystal clear what exactly browser should/could do and how to do it, but we can keep talking about it and figure this out.
Thank you for developing the Firefox Lockwise. The most obvious reason why I can't use the password generation feature is that Firefox for Android doesn't have it. So i have to create my accounts in Firefox desktop. This is a situation that limits my user experience.
I use this feature. I haven't had to make changes to the character composition or length.
A new way to generate memorable passwords would be neat. If you think using a phrase of words would be more memorable, I'm willing to try that out.
Hi! awesome that you guys are collecting feedback. I use the password manager and have it synced using different Firefox-es on my devices for convenience. Here are some of my main feedbacks/suggestions: -
I use this feature very much, I used to come up with my own passwords, but since Firefox syncs throughout devices and it's gotten so good at recognizing login attempts from mobile apps related to the a website account, I started relying on the randomly generated passwords now. A few things I'd like to see:
1. Special characters in the generated passwords. I can't remember when was the last time a random password was accepted as is, almost always I have to introduce a special character manually. That leads to two entries saved in the Password Manager for that site (original and customized).
2. Password generation on the mobile app (ideally talking to the apps as well), for the occasions when the account needs to be opened in mobile. A lot of services are mobile first now, don't even have an option to create an account on a computer.
3. Password Manager secured by fingerprint in a Mac. It's already done for credit cards, but for passwords I still need to type the master password.
Thanks everyone for your thoughts and feedback on password generation and other features of Credential Management!
We will take all of the information we collected here to improve our priorities and decision making process. It's great to see that people are using Password Generator. We learned that it's important to:
While I can not provide any timelines for that, I can tell you that our team will be looking into these areas. Once again, thank you for your time and effort.
Thanks so much for participating in this productive conversation about password generation (and more). It was great seeing so many valuable insights shared both ways! We are closing out this thread, but want to encourage you to continue sharing your feedback and ideas about this particular topic in new posts—just be sure to use the necessary labels and tags, so your posts are easily searched for and discovered by our teams.
Also, we are excited to announce that a new discussion hosted by a Mozilla employee has just kicked off and can be found here: Creating and Collaborating with Media in Firefox
This will be an ongoing series here in the Mozilla Connect community, so we look forward to continuing to collaborate with you all 😀
-The Community Team