Specific items from the Firefox3/Product Requirements Document:
- P1 / PASS-001a -- Only let the user save the password after they know the login has succeeded
- P2 / PASS-001c -- Improve usefulness of password manager
- P2 / PASS-001d -- Improve discoverability of autofill UI for multiple accounts on the same site
- P2 / PASS-001e, f -- Improve "Show passwords" window. EG, searching.
- P2 / PASS-001g -- Simplify and promote the use of Master Password
Other (some overlap):
- Get rid of popup modal dialogs where possible
- Opportunities to unify UI
- Make management and use of multiple logins less confusing
Out of scope for this pass:
- P2 / PASS-003a -- Generate random passwords for user
- Investigate the possibility of authentication-in-chrome for new content authentications schemes to use (OpenID too?)
Existing UI Touchpoints
- Authentication provided by user
- Master Password popup
- Enable/Disable Master Password pref
- Change Master Password Dialog
- HTTP authentication popup
- Proxy authentication popup
- Form fields in content
- Master Password popup
- Controlling what Firefox remembers
- Saving user-provided authentication (except Master Password)
- Blocking Firefox from certain places ("Never for this site")
- Deleting existing logins
- "Show Passwords" window in prefs
- Shift-delete in an autocomplete field (only when multiple logins exist)
- "Show Exceptions" window in prefs
- Clear Private Data
- Saved Passwords
- Authenticated Sessions
UI Design / Mockups
- Replaces modal "Remember Password? Yes/No/Never" with a notification bar (ala popup-blocked notification bar)
- Replaces "Use Password Mananger to remember this password" checkbox on HTTP auth popup
- Visual appearance of the notification bar, color, transparency, vertical height?
- Overlay vs. pushing content down vs. pushing UI up
- How to dismiss the bar: close button vs. clicking anywhere else (content-only?) vs. forced choice. How to undo?
- Confirmation of saving/updating the stored password?
- How to deal with multiple notification bars being requested
- Allowing filtering list of stored logins
- Allow editing some fields in-place?
- Sort list by eTLD
- The primary column ('hostname') should be JUST the hostname.
- ...and port, if non-standard?
- No 'http[s]://'.
- ...Leave ftp:// there since it's uncommon (?)
- ...Create a separate protocol column? And/or a column to indicate secure-only?
- Presenting cases where there are multiple logins
- For HTTP auth, need a "simple" bugfix to allow using a dropdown in the username field to select from multiple accounts
- Not sure what more to do with form fields.
- Mutate textfield into an editable menubox (so the dropdown widget gives a visual cue)?
- Autofilling the last-used value (instead of leaving it blank) might help a little bit. Instead of seeing nothing ("firefox is broken") seeing one login might shift you to thinking that it's working, but you somehow can select a different value. OTOH, this is probably just wishful thinking :)
- Automatic login? We would need to design a second bar that lets users undo the automatic log in