Mozilla Connect

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Hi,

I got the request. I have searched a lot of information about this matter without finding a good solution.

Imagine a production environment where there exists a system administrator that has created and installed the accounts on Thunderbird.

To avoid these accounts to be used from other locations or purposses we can not hide this information, what implies a serious security problem.

Thanks for your help and suuport.

Best Regards 

@javierirun1 I am confused. I have read your post several times, and I do not understand it. Can you rephrase?

Set the preference to hide the password by default, and then those of us who want to be able to always see our passwords can change it. With the ever-increasing required complexity of passwords, I really need this feature. There's never anyone looking over my shoulder. I am always alone in my home.

I don't see why the toggle is okay but always showing is not. It should be the user's choice, but I cannot change it even by using about:config.

Thanks @fugueink.  I'm also confused by the comment by @javierirun1. 

Maybe he means that a system admin would worry that if users could change the default setting to show passwords, then at some point those passwords could be exposed to prying eyes at airports, etc.  I can see the sense in that.  Seems a bit of overkill, but I'd worry too if I were in the sys admin's shoes.

So maybe only allow those with administrator rights to make this change.  If things are still the same as during my corporate days, users can't log-in as administrator on their company computer.  😁

That way you, I, and other carefree users could log in as administrator and still change the setting.

Hi to both @fugueink and @mg1881,

I will try to give a little more of information about this issue talking about my personal experience.

I am a sysadmin, as you say watching saved passwords is not a problem for personal/home users but It can be a REAL SECURITY PROBLEM in a production environment.

So, think about a LAN with several machines that are being shared by many persons in different work shifts. The PASSWORDS can be watched by anyone in a couple of steps. I could take that info and install the account at home ... or even use this information after leaving the company before the passwords are renewed.

So, I think that this is a SERIOUS problem, we know that almost all the SECURITY measures can be broken but not with a simple step or query.

For instance, if I could hide the button to see the password using the configuration editor (the editor should also be password blocked) this would be enough for almost all the users.

Or even if this information is encrypted ... this can be enough to curious eyes or butterfingers.

I think that this information is too important so that you can be accessed that easy.

So, we know that your car your can be stolen but do not leave the keys in.

Thanks

This would be an step in the direction of sanity.

I would ask developers if they could do this for the benefit of civilisation and mankind generally.

Just to upvote this suggestion has taken me 5 minutes (but not counting this comment) all because I must create ANOTHER account and login before I can upvote. Any idea of the number of hours an average computer-active person might spend per year inputting, creating, changing (sometimes because, for no apparent reason, they no longer work) usernames and passwords ? And then make it so that they must contain a number, a lower-case, an upper-case, a special symbol and then make it so they CAN'T ACTUALLY SEE what they are typing ? The joke is over, surely? Time for common sense now.

Thank-you.

@javierirun1You describe why YOU want no passwords visible but you are in a totally different use-case to me and others.

In my use-case the car is in the garage behind a locked door within a compound, whether the keys are in or not doesn't really make much difference.

In any case, if you are a system boss you should be able, very very easily, to disable this feature (even though it will obviously be already default disabled) so it shouldn't really concern you very much.