Specific items from the Firefox3/Product Requirements Document:

  • P1 / PASS-001a -- Only let the user save the password after they know the login has succeeded
  • P2 / PASS-001c -- Improve usefulness of password manager
  • P2 / PASS-001d -- Improve discoverability of autofill UI for multiple accounts on the same site
  • P2 / PASS-001e, f -- Improve "Show passwords" window, e.g., searching.
  • P2 / PASS-001g -- Simplify and promote the use of Master Password

Other (some overlap):

  • Get rid of popup modal dialogs where possible
  • Opportunities to unify UI
  • Make management and use of multiple logins less confusing

Out of scope for this pass:

  • P2 / PASS-003a -- Generate random passwords for user
  • Investigate the possibility of authentication-in-chrome for new content authentication schemes to use (OpenID too?)

Existing UI Touchpoints

  • Authentication provided by user
    • Master Password popup
      • Enable/Disable Master Password pref
      • Change Master Password Dialog
    • HTTP authentication popup
    • Proxy authentication popup
    • Form fields in content
  • Controlling what Firefox remembers
    • Saving user-provided authentication (except Master Password)
    • Blocking Firefox from certain places ("Never for this site")
    • Deleting existing logins
      • "Show Passwords" window in prefs
      • Shift-delete in an autocomplete field (only when multiple logins exist)
      • "Show Exceptions" window in prefs
    • Clear Private Data
      • Saved Passwords
      • Authenticated Sessions

UI Design / Mockups


Notification Bar

  • Replaces modal "Remember Password? Yes/No/Never" with a notification bar (à la popup-blocked notification bar)
  • Replaces "Use Password Manager to remember this password" checkbox on HTTP auth popup
  • Visual appearance of the notification bar, color, transparency, vertical height?
  • Overlay vs. pushing content down vs. pushing UI up
  • How to dismiss the bar: close button vs. clicking anywhere else (content-only?) vs. forced choice. How to undo?
  • Confirmation of saving/updating the stored password?
  • How to deal with multiple notification bars being requested

Password Management

  • Allow filtering the list of stored logins
  • Allow editing some fields in-place?
  • Sort list by eTLD
  • The primary column ('hostname') should be JUST the hostname.
    • ...and port, if non-standard?
    • No 'http[s]://'.
    • ...Leave ftp:// there since it's uncommon (?)
    • ...Create a separate protocol column? And/or a column to indicate secure-only?


  • Presenting cases where there are multiple logins
    • For HTTP auth, need a "simple" bugfix to allow using a dropdown in the username field to select from multiple accounts
    • Not sure what more to do with form fields.
      • Mutate textfield into an editable menubox (so the dropdown widget gives a visual cue)?
      • Autofilling the last-used value (instead of leaving it blank) might help a little bit. Instead of seeing nothing ("Firefox is broken"), seeing one login might shift you to thinking that it's working and that you can somehow select a different value. OTOH, this is probably just wishful thinking :)
  • Automatic login? We would need to design a second bar that lets users undo the automatic login