Hi Mark, I'm really down on browser-only password managers. A
browser-only password manager is of limited use if it cannot be used to
by standalone apps on mobile devices. Like ckarlof said in the
referenced bug, password managers are useful when they can be used
*everywhere* the users go. On mobile devices, the browser is only one
app of many where users must authenticate.
A solution that has deep OS level integration and can be accessed in any
app is the ideal, otherwise the password manager is a partial solution
that causes frustration can end in bad password practices by the user.
For example, If I introduce my wife to the (theoretical) Firefox
password manager that makes it easy for her to sign up to a site with a
super strong password but fails to provide her with a mechanism to sign
into that site's standalone app, she's not going to be very happy with
either Firefox or me and is going to change her password to some easy to
remember, easy to type 8 character word she probably uses on another 20
sites.
If our solution had deep OS level integration and is usable by any app,
like Keychain or Lastpass, then yes, that's awesome and you can ignore
me. Otherwise, meh.
Shane
On 16/10/2014 04:00, Mark Finkle wrote:
I'm not suggesting you stop with the prototype, but I am pushing Mozilla
to add this kind of feature to Firefox itself, and allow all websites to
have access to stronger password generation, saved to Firefox's password
manager and sync'd across devices. We are already behind:
http://www.computerworld.com/article/2602955/security0/google-updates-chromes-built-in-password-maker.html
http://9to5mac.files.wordpress.com/2013/10/screen-shot-2013-10-24-at-7-51-45-pm.png?w=704
_______________________________________________
Dev-fxacct mailing list
Dev-fxacct@mozilla.org
https://mail.mozilla.org/listinfo/dev-fxacct
