Re: MASTER PASSWORD OVER KILL !

[Bill Davidsen]

John Doue wrote:
On 5/17/2010 3:37 AM, Bill Davidsen wrote:
JOLAN1 wrote:
Aloha!
There is something very wrong with SeaMonkey 2.04, or my installation
is somehow badly screwed up! Initially, it asked for our Master
Password at logon, which I disabled in about:config. But...
subsequently, it asks for the Master Password when: downloading e-
mail, accessing any one of our credit accounts, accessing banking
accounts, making auto payments, paying for our internet service, on
and on, even wants a Master Password to get on MozzilaZine !!! Real
bother and we're using Master Password so often...might as well not
have one.

If you don't want MP protection turn it off. I don't know what you
messed with in config, but the way you disable that is to set it to an
empty string.

This past week, we had to hire a temporary book keeper because ours
was out sick. The first day we had to be out of the office; came back
to find one very frustrated woman! She couldn't access anything she
need to on the internet because she didn't have the Master Password.
Cost me $$ for the day -- upsetting, to say the least.

Yes, if you had just disabled your MP then the temp could have stolen
every passwork in the machine. Or do you totally trust your temps?

All our accounts are user name/password protected. Adding the Master
Password is overkill, useless and absurd. I've told everyone to
uninstall 2.04 and put 1.18 back on until we can get some fix for
this.

There is nothing to fix other than your understanding of the correct 
usage.

Is there any way to disable all these requests for a Master
Password ???

I've mentioned it here, others have posted it, if you want it off, turn
it off. You now have zero security. Anyone can view all the saved
passwords in clear. Setting the "ask me later" config works fine, as
long as you have an idea what "ask me later" implies.

Another issue I've been seeing recently is that 2.04 starts slowing
down the longer I've been on the Internet, to the point that it can't
connect to web sites, like Yahoo News, for example. Tried shutting
down and restarting, same issue.
Meanwhile, 1.1.18 works like a charm...all the time.

For values of charm mapping to "with no security."

BTW: the correct way to do this is to have a profiles for temps, having
only the passwords they need, and have an employee enter the MP so the
temps can't use it to view passwords. Giving a temp MP or running
without one is utterly unsafe.

If SM has a fault it's that there is no way to have a "sub-master"
password to use the information but not view it.

I have followed with a lot of interest this thread, but it seems to me, 
the 1.1.19 behavior is what most users regret, I included. The setting 
signon.startup.prompt does not work for me. Neither the setting "only 
when it is needed". SM2 (2.04) requires it immediately after launching 
in Browser mode. And my default page, Yahoo.com, does not require a 
password.

You are totally right, it used to work perfectly, now it sucks. It's fine if you 
have one and only one user who has the password, but NG if you want to let 
someone use the browser for something.

Ideally there would be TWO passwords, one to use (but not view) saved passwords, 
and one which does what the current MP is doing.

IMHO, the master password should not be requested before it is *really* 
needed, but SM2 understanding of "when it is needed" baffles me: just 
launched the browser in SM2 should not meet that criteria, until you 
want to get into a site that requires a password.

Why is this so broken?

I have asked and gotten two answers:
1 - it's better this way (as in less secure and clumsey to use being "better?")
2 - that's the way the people at Firefox want it and we're not allowed to change 
how it works.

Am I oversimplifying things?

You are assuming that the problem is technical rather than political. I don't 
know if that's oversimplifying things or not.

--
Bill Davidsen <david...@tmr.com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey