On Oct 3, 2014, at 7:22 AM, Ryan Feeley <[email protected]> wrote:
> I showed the password playground to a friend (and xoogler) yesterday who was > strongly opposed to us deploying this on anything but one site (e.g. we > should not make this available for other sites to use as a service on the > web). If sites starting linking to the playground from their password > manager, we would indirectly be encouraging password reuse. He felt that > people would just start using the playground like a password generator > entering the same phrase everywhere. > > He suggests that instead of a 1Password-style password manager, we should > instead be exploring a password generator not unlike: > https://oneshallpass.com/ > or > http://www.supergenpass.com/mobile/ > …which combines a phrase with the hostname and generates a strong password, > but doesn’t actually store passwords. > > There are a upsides and downsides to this approach as it’s so radically > different, but I’m going to explore the idea of native support in the > browser, likely in some kind of Australis-menu item. > I agree you’d want to salt the passwords in some way. Doing based on the domain has been proposed before, but it’s challenging. What if you want to change the password for a single site? -chris > Ryan Feeley > UX, Cloud Services > Mozilla UX > IRC: rfeeley > > On Oct 2, 2014, at 12:24 PM, Jared Hirsch <[email protected]> wrote: > >> >> On Oct 2, 2014, at 8:28 AM, jgruen <[email protected]> wrote: >> >>> Here’s the prototype I built for intern Greg this >>> summer:http://people.mozilla.org/~jgruen/passwords/mnemonic/#mn-two >>> >>> Ryan, your mockup shows color changing letters in a <textarea>, whereas my >>> prototype uses a second <div> to highlight first chars of each substring. >>> Off the top of my head, IDK how to implement the color change directly in a >>> <textarea>. I’m sure there’s a hack out there somewhere, but I’m open to >>> suggestions. >> >> Here's an idea: instead of a textarea, you could use a sized div with a >> solid border and contenteditable set to "true". >> >> You could drop in some jQuery if you need it to be draggable-resizable. >> >> Have fun :-) >> >> Jared >> >> >>> >>> JG >>> >>> >>> On Oct 1, 2014, at 6:19 PM, Chris Karlof <[email protected]> wrote: >>> >>>> Nick and Shane, also. >>>> >>>> I’m thinking something very quick and dirty here. Maybe something we can >>>> enable/disable with a feature toggle, or only show to a small number of >>>> users to start. >>>> >>>> -chris >>>> >>>> >>>> >>>> On Oct 1, 2014, at 3:11 PM, Ryan Feeley <[email protected]> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I had a chat with Chris Karlof today about a tool to help users create >>>>> better passwords. Based on some early work I did, and further development >>>>> by Greg Norcie and John Gruen, I’m hoping we can create a little wizard >>>>> to do just that. >>>>> >>>>> I created an issue which includes a link to the wireframes: >>>>> https://github.com/mozilla/fxa-content-server/issues/1732 >>>>> >>>>> This is something we can deploy for FxA but also eventually offer to >>>>> other sites on the web as a service (they can link or use an iframe >>>>> overlay). >>>>> >>>>> Zaach and Vlad, is this something that’s possible for the next two weeks? >>>>> >>>>> Katie, we’d also like to track impressions and click-thrus. How many >>>>> people take advantage of a tool that helps them make a better password >>>>> when it’s available? (you might see where we’re doing with this). >>>>> >>>>> Take a look, and feedback appreciated (keep in mind I’d love to keep it >>>>> down to one screen though). >>>>> >>>>> Ryan Feeley >>>>> UX, Cloud Services >>>>> Mozilla UX >>>>> IRC: rfeeley >>>>> >>>>> _______________________________________________ >>>>> Dev-fxacct mailing list >>>>> [email protected] >>>>> https://mail.mozilla.org/listinfo/dev-fxacct >>>> >>>> _______________________________________________ >>>> Dev-fxacct mailing list >>>> [email protected] >>>> https://mail.mozilla.org/listinfo/dev-fxacct >>> >>> _______________________________________________ >>> Dev-fxacct mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/dev-fxacct > > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
