Security/Features/HighlightCleartextPasswords: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 13: Line 13:
* When the user clicks on the warning icon (or any part of the input box?), a doorhanger pops up with text that says something like, "This will submit your password unencrypted/This is an unencrypted page."  If we can determine the ssl version of the page, also include something like, "Click here to go to the encrypted version of this page."   
* When the user clicks on the warning icon (or any part of the input box?), a doorhanger pops up with text that says something like, "This will submit your password unencrypted/This is an unencrypted page."  If we can determine the ssl version of the page, also include something like, "Click here to go to the encrypted version of this page."   
* If the user mouses over the password input box (as opposed to click on the icon), they will also get a similar message in a Tooltip OR a constraint validation box.  This will overwrite any tooltips/custom validation the website may have set.
* If the user mouses over the password input box (as opposed to click on the icon), they will also get a similar message in a Tooltip OR a constraint validation box.  This will overwrite any tooltips/custom validation the website may have set.
* Do not autocomplete username and password if it's saved in Password Manager (require the user to go through the multi-user experience in password manager)


Open Issues:
Open Issues:
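Review bot: the added bullet "Do not autocomplete username and password if it's saved in Password Manager" states as settled behaviour something the Open Issues section still lists as a question ("should passwords not automatically be populated by Password Manager?"). Either mark this bullet as proposed or resolve the open issue in the same edit. The bullet should also say how a user who wants the saved login filled on a cleartext page gets it, since "the multi-user experience" is only explained further down the page.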
Line 44: Line 45:
* Integration with Password Manager.  If a page has a highlighted password field, should passwords not automatically be populated by Password Manager?  If we did this, and a user wanted the password autofilled anyway, how would they do that?  What would the UX look like?
* Integration with Password Manager.  If a page has a highlighted password field, should passwords not automatically be populated by Password Manager?  If we did this, and a user wanted the password autofilled anyway, how would they do that?  What would the UX look like?
** It would go through the multi-user experience (ex: when there are two usernmae/password pairs stored for a site, the password isn't filled in until the user selects the username)
** It would go through the multi-user experience (ex: when there are two usernmae/password pairs stored for a site, the password isn't filled in until the user selects the username)
** Should we set autocomplete=off for username and passwords?


* For mixed content pages, how do we differentiate between script content and display content.  Is there already a defined variable with this information (or will there be after https://wiki.mozilla.org/Security/Features/Mixed_Content_Blocker and https://bugzilla.mozilla.org/show_bug.cgi?id=62178 are complete)?
* For mixed content pages, how do we differentiate between script content and display content.  Is there already a defined variable with this information (or will there be after https://wiki.mozilla.org/Security/Features/Mixed_Content_Blocker and https://bugzilla.mozilla.org/show_bug.cgi?id=62178 are complete)?
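Review bot: the new sub-bullet "Should we set autocomplete=off for username and passwords?" does not say what "set" means here. It could mean the browser treats the fields as if the page had supplied that attribute, or something else, and it does not say how this differs from the multi-user flow proposed in the sub-bullet just above it. Suggest rewording it to name the behaviour being asked about (no fill from Password Manager, no form-history suggestions for the username, or both) so the question can be answered separately from the multi-user proposal.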
Line 120: Line 122:
* First phase only for pages where you can login securely.  So that there is something the user can do about it.
* First phase only for pages where you can login securely.  So that there is something the user can do about it.


** User has to hit the enter key twice to submit their password.  If they click login button then it just submits (no double click needed).  This might be good if the icon only shows up on focus (and hence the user might miss it).
* User has to hit the enter key twice to submit their password.  If they click login button then it just submits (no double click needed).  This might be good if the icon only shows up on focus (and hence the user might miss it).
 
* Overwriting placeholders or messing with the placeholder text that might be a label: "The placeholder attribute should not be used as an alternative to a label."  See http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#the-placeholder-attribute
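Review bot: in the promoted bullet "User has to hit the enter key twice to submit their password", the confirmation step covers only keyboard submission, because the same bullet says clicking the login button "just submits". The text should say why the click path is exempt or apply the extra confirmation to both, otherwise the protection depends on how the user happens to submit. Separately, the new "Overwriting placeholders or messing with the placeholder text" bullet is a fragment: state whether it is a proposed option or a concern about one, since the quoted spec sentence alone does not say which.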