I showed the password playground to a friend (and xoogler) yesterday who was
strongly opposed to us deploying this on anything but one site (e.g. we should
not make this available for other sites to use as a service on the web). If
sites starting linking to the playground from their password manager, we would
indirectly be encouraging password reuse. He felt that people would just start
using the playground like a password generator entering the same phrase
everywhere.
He suggests that instead of a 1Password-style password manager, we should
instead be exploring a password generator not unlike:
https://oneshallpass.com/
or
http://www.supergenpass.com/mobile/
…which combines a phrase with the hostname and generates a strong password, but
doesn’t actually store passwords.
There are a upsides and downsides to this approach as it’s so radically
different, but I’m going to explore the idea of native support in the browser,
likely in some kind of Australis-menu item.
Ryan Feeley
UX, Cloud Services
Mozilla UX
IRC: rfeeley
On Oct 2, 2014, at 12:24 PM, Jared Hirsch <[email protected]> wrote:
>
> On Oct 2, 2014, at 8:28 AM, jgruen <[email protected]> wrote:
>
>> Here’s the prototype I built for intern Greg this
>> summer:http://people.mozilla.org/~jgruen/passwords/mnemonic/#mn-two
>>
>> Ryan, your mockup shows color changing letters in a <textarea>, whereas my
>> prototype uses a second <div> to highlight first chars of each substring.
>> Off the top of my head, IDK how to implement the color change directly in a
>> <textarea>. I’m sure there’s a hack out there somewhere, but I’m open to
>> suggestions.
>
> Here's an idea: instead of a textarea, you could use a sized div with a solid
> border and contenteditable set to "true".
>
> You could drop in some jQuery if you need it to be draggable-resizable.
>
> Have fun :-)
>
> Jared
>
>
>>
>> JG
>>
>>
>> On Oct 1, 2014, at 6:19 PM, Chris Karlof <[email protected]> wrote:
>>
>>> Nick and Shane, also.
>>>
>>> I’m thinking something very quick and dirty here. Maybe something we can
>>> enable/disable with a feature toggle, or only show to a small number of
>>> users to start.
>>>
>>> -chris
>>>
>>>
>>>
>>> On Oct 1, 2014, at 3:11 PM, Ryan Feeley <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I had a chat with Chris Karlof today about a tool to help users create
>>>> better passwords. Based on some early work I did, and further development
>>>> by Greg Norcie and John Gruen, I’m hoping we can create a little wizard to
>>>> do just that.
>>>>
>>>> I created an issue which includes a link to the wireframes:
>>>> https://github.com/mozilla/fxa-content-server/issues/1732
>>>>
>>>> This is something we can deploy for FxA but also eventually offer to other
>>>> sites on the web as a service (they can link or use an iframe overlay).
>>>>
>>>> Zaach and Vlad, is this something that’s possible for the next two weeks?
>>>>
>>>> Katie, we’d also like to track impressions and click-thrus. How many
>>>> people take advantage of a tool that helps them make a better password
>>>> when it’s available? (you might see where we’re doing with this).
>>>>
>>>> Take a look, and feedback appreciated (keep in mind I’d love to keep it
>>>> down to one screen though).
>>>>
>>>> Ryan Feeley
>>>> UX, Cloud Services
>>>> Mozilla UX
>>>> IRC: rfeeley
>>>>
>>>> _______________________________________________
>>>> Dev-fxacct mailing list
>>>> [email protected]
>>>> https://mail.mozilla.org/listinfo/dev-fxacct
>>>
>>> _______________________________________________
>>> Dev-fxacct mailing list
>>> [email protected]
>>> https://mail.mozilla.org/listinfo/dev-fxacct
>>
>> _______________________________________________
>> Dev-fxacct mailing list
>> [email protected]
>> https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
