On 7/26/2013 1:14 PM, Mark Finkle wrote:
I worry about this approach in that Firefox does not know my Facebook password unless I ask Firefox to save it. Even then, just because I save my password in Firefox does not mean I want Firefox to auto-login to services using that password. What if I save three different passwords for three different usernames in my Firefox?

We should be more explicit about password usage and logging into services.

If we think we can use Firefox stored credentials to smooth the flow, (I do) I think we should definitely explore this further.

We need two things from a user to make Sync go. We need a verified email address and we need a password. We need the email address for all future account management (and for use as an auth username) and we need a password so the user can securely auth additional devices.

Let's presume that at Sync Sign Up we ask the user for an email address and a Sync password and they give us [email protected] and their Yahoo password. Now, we've got the two things we need from a user, a verified email address and a password. The email ownership is verified by the password manager or some quiet lookup we do with those credentials because the password manager match gave us enough confidence to do a potentially expensive lookup. The password happens to be the user's Yahoo password and not a Firefox Sync specific password but there's not much we can do to try to stop that. It's gonna happen for enough of our users that discouraging it seems counter-productive and not utilizing it when the user does give it to us seems wasteful and user-hostile.

So, the user has given us what we need to go. Why would we ask the user to jump through any further hoops? This could bring the experience to "parity" with our competitors who already have hundreds of millions of user accounts.

- A




------------------------------------------------------------------------

    There's been an idea kicked around repeatedly by andreas and ekr
    that we could do login to picl *implicitly* based on browser
    knowledge of sites you visit.

    The idea goes something like this "given that PiCL is inside the
    browser, and the browser knows your identity on various sites,
    couldn't we just use the accounts you already have to sign you
    into PiCL".

    This idea represents a significant divergence from what we're
    doing now, building Firefox accounts.

    If it has legs, we should understand now.  If it doesn't, we
    should understand now so we can stop talking about it and continue
    to cruise.  Let's have this conversation now, it'll be fun!

    Andreas or Ekr, Take the stage and explain how this might work!
     Questions to kick you off:

    1. As a user, I set up sync on my desktop browser by XXXX
    2. As a user, I link my android device to the sync account used on
    my desktop by XXXX

    lloyd
    _______________________________________________
    Sync-dev mailing list
    [email protected]
    https://mail.mozilla.org/listinfo/sync-dev



