[Sugar-devel] [PATCH Browse] Start password manager

[Simon Schampijer]

On 07/01/2011 01:12 PM, Gary Martin wrote:
> On 30 Jun 2011, at 21:03, Sascha Silbe<silbe at activitycentral.com>  wrote:
>
>> With todays plethora of sites using passwords for authentication a password
>> manager in the browser is important not just for convenience, but also for
>> security. Most humans can't remember more than a few secure passwords.
>> Without storing passwords in the browser they use weak passwords and/or the
>> same password for many sites.
>>
>> Passwords are stored unencrypted by default. This is consistent with the
>> security model of most deployments (no login passwords either).
>>
>> Individual users can set a password by accessing the internal URL
>> chrome://pippki/content/changepassword.xul . However this password needs to
>> be entered once per Browse session. Solutions like disk encryption that are
>> at the same time more convenient (a single password per login) and more secure
>> (all data gets encrypted, not just passwords to websites).
>>
>> The UI isn't pretty [1], but we can still improve on that later on.
>
> Eewww! I see what you mean by 'isn't pretty' ;) Ideally this should be presented in the same way as our Sugar alert panel that appears below the toolbar (e.g. like the download continue/cancel countdown alert).
>
> Regards,
> --Gary

Yes, agreed. If you want to enable it by default it should have a nicer 
interface. As Gary pointed out, alerts are a good way to deal with it.

Regards,
    Simon