Toolkit:Password Manager/2015/Master Password: Difference between revisions

From MozillaWiki
(Add headings and a flow chart)
(describe the 3 different modes)


[[File:Master Password-Flow.png|1000px]]
==Description==
There are three different modes that users can choose from:
# ''no master password'': passwords are stored in '''plain text''' on the local machine
# ''separate master password'': the contents of the password manager are encrypted using a '''key derived from a separate password''' that users choose, and they must enter this password to unlock the password manager
# ''[[Firefox Accounts]] password'': a '''new encryption key derived from the FxA password''' is used to encrypt the password manager, and that key is '''backed up''' on the Firefox Accounts server to enable recovery should users forget their FxA password
The first two modes reflect what is currently implemented in Firefox; only the third one is new.
===Interaction with Sync===
In all three modes, users can choose whether or not to use [[CloudServices/Sync|Firefox Sync]] to synchronize the contents of the password manager across their multiple devices.
This is completely orthogonal to whether or not the user chooses to encrypt the password manager locally.

Revision as of 02:41, 29 January 2015

This is a proposal for revamping the Master Password feature currently found in the Firefox Password Manager, as part of the Cloud Services Password Manager work.

Goals

The main goal is to have a password manager that is:

  • safe from local attackers (e.g. nosy family members can't get to it)
  • available online and offline (i.e. no need to be online to unlock it)
  • recoverable by email in case the master password is forgotten

User Interaction

[Image: Master Password-Flow.png (user interaction flow chart)]

Description

There are three different modes that users can choose from:

  1. no master password: passwords are stored in plain text on the local machine
  2. separate master password: the contents of the password manager are encrypted using a key derived from a separate password that users choose, and they must enter this password to unlock the password manager
  3. Firefox Accounts password: a new encryption key derived from the FxA password is used to encrypt the password manager, and that key is backed up on the Firefox Accounts server to enable recovery should users forget their FxA password

The first two modes reflect what is currently implemented in Firefox; only the third one is new.

Interaction with Sync

In all three modes, users can choose whether or not to use Firefox Sync to synchronize the contents of the password manager across their multiple devices.

This is completely orthogonal to whether or not the user chooses to encrypt the password manager locally.