Closed Bug 1569848 Opened 5 years ago Closed 5 years ago

Show indicators on saved logins that are re-using those breached passwords

Categories

(Firefox :: about:logins, enhancement, P1)

Product:
Firefox
Component:
about:logins
Version:
70 Branch
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 76
Tracking Flags:
Tracking Status
relnote-firefox --- 76+
firefox76 --- verified

People

(Reporter: groovecoder, Assigned: jaws)

References

(Blocks 1 open bug)

Details

User Story

See updated Invision spec: https://mozilla.invisionapp.com/share/BEU7ZBJ486Y

Add link to Sumo page for learn more link

Attachments

(2 files, 3 obsolete files)

passwords-vulnerable-24.svg
(deleted), image/svg+xml
Details
Bug 1569848 - Mark logins as vulnerable if they use a password shared with a breached login by the same user. r?MattN
(deleted), text/x-phabricator-request
Details

In addition to showing “red alert” breach indicators on saved logins with passwords older than breaches, we should show “yellow alert” indicators on saved logins that are re-using those breached passwords.

Depends on: 1569847

Depends on D41096

As noted in bug 1576047, these indicators are inaccessible. I mention this here because this patch hasn't been landed yet.

Thanks for the heads-up! The "yellow alert" indicators won't be the final UI for this feature.

Attachment #9083828 - Attachment is obsolete: true
User Story: (updated)
status-firefox70: affected → ---
Flags: qe-verify+
Priority: -- → P2
Summary: show “yellow alert” indicators on saved logins that are re-using those breached passwords → Show indicators on saved logins that are re-using those breached passwords
Attached image passwords-vulnerable-24.svg (deleted) —
Component: Password Manager → about:logins
Product: Toolkit → Firefox

This is part of the vulnerable passwords project MVP.

status-firefox76: --- → affected
Priority: P2 → P1
Assignee: nobody → jaws
Status: NEW → ASSIGNED
Attachment #9088888 - Attachment is obsolete: true
Attachment #9134516 - Attachment is obsolete: true
Attachment #9134535 - Attachment description: Bug 1569848 - Mark logins as vulnerable if they use a password shared with a breached login by the same user. → Bug 1569848 - Mark logins as vulnerable if they use a password shared with a breached login by the same user. r?MattN
Pushed by jwein@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/334e2dd4e253 Mark logins as vulnerable if they use a password shared with a breached login by the same user. r=MattN

https://hg.mozilla.org/mozilla-central/rev/334e2dd4e253

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox76: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 76

I have verified this issue using the latest Nightly 76.0a1 (Build ID: 20200401212659) on Windows 10 x64, Mac 10.14, Ubuntu 18.04 x64.

  • A saved login that has the same password as a breached one is marked as vulnerable.
Status: RESOLVED → VERIFIED
status-firefox76: fixedverified
Flags: qe-verify+
Depends on: 1628165

Release Note Request (optional, but appreciated)
[Why is this notable]: Logins that share a password with a breached login will show a warning asking users to change their saved password.
[Affects Firefox for Android]: no
[Suggested wording]: A notice requesting users change their password will be shown in Firefox Lockwise (about:logins) for saved passwords that have been used with another account that was likely in a data breach.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/firefox-lockwise-alerts-breached-websites

relnote-firefox: --- → ?

Added to the Fx76 relnotes.

relnote-firefox: ?76+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: