RFE: Do not save password

Giving that saving passwords is always a potential security threat, it would be great to have the option -- for each account configured in XN -- not to save the password. For every account where that option is activated, XN should skip the periodic check, and show the account in an inactive state (for example, in gray color) in the account list (left-click menu of the XN icon). And when the user clicks on that account in the account list, XN should asks for the password, then start doing periodic checks as usual. XN should only remember the password (somewhere in memory but nowhere on the disk) as long as the current browser session lasts. Ideally, XN should not remember the password as all if the session cookie for an account is valid indefinitely. In that case, XN can just use the password to get the cookie, then forget the password and use the cookie until the end of the browser session. Now, this is probably different for each provider and may be tricky to implement. I was a longtime user of Firefox GMail Manager by Todd Long, and it worked that way. The successor, GMail Manager NG, can be found here: https://github.com/nedwidek/firefox-gmail-manager-ng

tobwithu's picture

I think it's a good idea.I'm working on this now.

My XF was updated to 3.3 today, which supposedly supports this feature. So I removed the password of the account, then clicked "Check Now" -- but nothing happened. XF didn't ask for the password, and the account is shown in red (meaning checking failed) instead of gray (meaning checking not started, as I've suggested). I wondered what was wrong, restarted Chrome and checked the XN website, but still got no idea. It wasn't until I clicked on the red account name that I got the password prompt.

The current implementation is rather confusing, because the same color should indicate the same status. Red used to mean checking failed (either server unreachable or authentication failed), but not it also means checking not started. It would be much clearer to use three different colors: Purple for server unreachable, red for authentication failed, and gray for checking not started. Plus black meaning everything OK, of course.

Also, since clicking on the account name used to open the actual account, I suggest adding two buttons in the new password entry dialog: Instead of "OK", there should be "Open account" (which opens the account using the password, but does not remember the password, and does not start the period check), "Open account & start checking", "Start checking" (same as the current "OK").

RpD's picture

Currently... in this episode of XN 3.3a2

First click on XN account (enter password) is "Start checking"

Second/subsequent click on XN account (no password entry) is "Open account (continues checking)"

---------------------
Having a separate bookmark to the webmail login page would be "Open account" (no remembering/no checking).

If you allow remembering of -some- input, you can double-click username input box and get a drop-down list with acct name(s), or start typing and see such a list... no passwords.

Just FYI.

 

CFBancroft's picture

For general color-blind.

Yellow for server unreachable (#FFEECC)

Red for authentication failed (#FF9999)

Blue without password (#AADDDD) (That if background is WHITE.)

Grey for sub-folder/everything OK.

Black for Main/Notify inbox only/everything OK.

You can look up internet more info
http://en.wikipedia.org/wiki/File:Safe_Chart_Colors-F99-FEC-ADD.jpg

Read more info about color blind.
http://en.wikipedia.org/wiki/Color_blindness

Myself is Deuteranomaly.
I rather to use those color
http://www.color-hex.com/color-palette/365

Thanks, CFBancroft