On 2009-10-14 11:37 PDT, Honza Bambas wrote: > Nelson B Bolyard wrote: >> By the way, I REALLY REALLY wish that the password manager would use that >> when you click the button to reveal the passwords, instead of doing what >> it does now, which forces you to re-enter the master password, even if >> you've JUST entered it. > > Isn't it just the protection? How should the software recognize that in > 10 seconds after I entered the master password there is not another > person that tries to see all my passwords?
As you know, the user can configure the amount of time after he enters his master password before he is automatically logged out, and must re-enter it. It can be configured to be infinite (ask only once), or ask every time, or ask after so-many minutes of time have elapsed. I'd say that, when the user has chosen a number of minutes, we should honor that, and not ask him to re-enter his password more frequently than that. If the user has chosen infinite (which is the default for Firefox) then in that case, I think it's reasonable to ask him for it again before revealing passwords, even though that's more frequent than he has specified. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
