cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mg1881
New member
Status: New idea

Please add a setting to allow changing the default visibility of the passwords in the logins and passwords page.  I understand why having to use the "show" button is a good idea on computers in public places.  I rarely use mine outside my home, so having this option would speed up my work - especially when cleaning up or changing passwords.

I would put this setting prominently on the logins and passwords page, so one could easily find it when going to a public place.

5 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

javierirun1
New member

Hi,

I got the request. I have searched a lot of information about this matter without finding a good solution.

Imagine a production environment where there exists a system administrator that has created and installed the accounts on Thunderbird.

To avoid these accounts to be used from other locations or purposses we can not hide this information, what implies a serious security problem.

Thanks for your help and suuport.

Best Regards 

fugueink
New member

@javierirun1 I am confused. I have read your post several times, and I do not understand it. Can you rephrase?

 

Set the preference to hide the password by default, and then those of us who want to be able to always see our passwords can change it. With the ever-increasing required complexity of passwords, I really need this feature. There's never anyone looking over my shoulder. I am always alone in my home.

 

I don't see why the toggle is okay but always showing is not. It should be the user's choice, but I cannot change it even by using about:config.

mg1881
New member

Thanks @fugueink.  I'm also confused by the comment by @javierirun1

Maybe he means that a system admin would worry that if users could change the default setting to show passwords, then at some point those passwords could be exposed to prying eyes at airports, etc.  I can see the sense in that.  Seems a bit of overkill, but I'd worry too if I were in the sys admin's shoes.

So maybe only allow those with administrator rights to make this change.  If things are still the same as during my corporate days, users can't log-in as administrator on their company computer.  😁

That way you, I, and other carefree users could log in as administrator and still change the setting.

javierirun1
New member

 

Hi to both @fugueink and @mg1881,


I will try to give a little more of information about this issue talking about my personal experience.


I am a sysadmin, as you say watching saved passwords is not a problem for personal/home users but It can be a REAL SECURITY PROBLEM in a production environment.


So, think about a LAN with several machines that are being shared by many persons in different work shifts. The PASSWORDS can be watched by anyone in a couple of steps. I could take that info and install the account at home ... or even use this information after leaving the company before the passwords are renewed.


So, I think that this is a SERIOUS problem, we know that almost all the SECURITY measures can be broken but not with a simple step or query.


For instance, if I could hide the button to see the password using the configuration editor (the editor should also be password blocked) this would be enough for almost all the users.


Or even if this information is encrypted ... this can be enough to curious eyes or butterfingers.

I think that this information is too important so that you can be accessed that easy.

So, we know that your car your can be stolen but do not leave the keys in.

Thanks