If you need a password for a mail server, then mail should focus the folderlist and visibly attach the password request to the mail server.
If you need a password for an image, then there should be a password prompt (not a dialog) in the email near the image placeholder.
The password required image placeholder would be hot. Clicking/selecting it would expand the prompt to its full size. The prompt would float above the rest of the mail content but would live within the content area, so it would scroll with the content and would be covered by anything which covers the window. Dragging the window would of course drag the password prompt since it's part of the window content.
So... If you do manage to select the icon or click it, you would see something like this:
.___________________________________________________________________________. | | This image requires a password, the email says that it will be 1x1. | |o-+,| The resource URL is: <http://129.129.129.129/something.jpg> | |____| | | Remote Host: 129.129.129.129 | | Resource: /something.jpg | | Username: [ ] | | Password: [ ] | | <Show Image> <Hide Image> <Trust ?> | | | | If you aren't sure whether you should trust this prompt you may click the | | Trust button to see a traditional password prompt. Please check the | | Mozilla Help Index under "Images, Trusting Inline" to see what this | | prompt should look like, what it means and how to verify that it's a real | | prompt from Mozilla Mail. | |___________________________________________________________________________|For bigger (and therefore more important/useful) images you'd have a better chance of seeing that there's content which is password protected.
The developer suggested a big red/!\but in fact that's the problem, it gives the request too much authority. The goal is to make the prompt look less like a system dialog and more like it came from the email itself.
The developer is still concerned that people might "blindly fill in their mail password".
But the question is, would they, would you, fill in your email password into an html-like form inline in an email from an unfriendly source?
My hope is that if it's essentially an html-style form in an email, you would really think twice before entering your mailnews password.
Let's actually look at the SMTP auth dialog, because it's by far the worst case. Normally, a dialog is at least associated with a window so that the user knows its origin. When you send a message and Mail needs your SMTP password, the main mail threadpane window opens the dialog instead. - Talking about confusing :(.
+=+===========================================================================================+ |#| Plans for Spring Break - Composition [_][O] [x]| +-+-------------------------------------------------------------------------------------------+ |/| File Edit View Options Tools Window Help | +-+-------------------------------------------------------------------------------------------+ |/|[ Send ] | [ Address ] [ Attach ] [ Security |v] | [ Save ] [ M ]| +-+---------------------------------v-----------------v---------------------------------------+ |/| From john@example.com | Attachments | Sending Message ... Password Required | |/| To: jill@example.com | (none) >---------------------------------------< |/| CC: jane@example.com | | Identity: [ john@example.com |v] | |/| Subject: Plans for Spring Break | | SMTP Server: [ smtp.example.com:25 ] | |===================================^=================| User Name: [ john ] | | Hello, | Password: [ ******** ] | | I'm going to the beach from Friday through Tuesday. | < Cancel > < Login & Send Message > | | Would you like to get together on Wednesday, maybe >------------------vvv------------------< | we could have a picnic? | Connected to smtp.example.com:25 |^| | | 220 smtp.example.com ESMTP Sendmail |H| | John | EHLO smtp.example.com ||| | |<[======]--------------------------->|v| +-----------------------------------------------------+---------------------------------------+ | o o o o o o | | Size: 4 lines | Signed: [ john@example.com |v] | ->>- | +=====================================================^=======================================+
Well, normally when you want to read mail you're in the main mail window. The main window has a folder list which contains all of your mail/news servers and their folders. If you choose to get mail, you get a dialog which asks for a password.
._Mail folders_____/_H-Thread Pane here- | user@localhost____.H | |protocol: IMAP |H | |server:localhost |H | |username: user |H | |password:[******]|H | |<Login> <Trust ?>|H | |<Config> <Cancel>|H | |_________________|< |-user2@mail < | |i Inbox < | |o Outbox H | |s Sent Folder H | |t Trash H-Message Preview Somewhere over here- | |- Other H | || Humor H | |\ Something H | \+ Stuff H |____________________H
| This image requires a password, the page says that it will be 1x1. | The resource URL is: <http://129.129.129.129/something.png> | | Remote Host: 129.129.129.129 | Resource: /something.png | Username: [ ] | Password: [ ] | <Show Image> <Hide Image> <Trust ?> | | If you aren't sure whether you should trust this prompt you may click the Trust button to see a | traditional password prompt. Please check the Mozilla Help Index under "Images, Trusting Inline" | to see what this prompt should look like, what it means and how to verify that it's a real prompt from | Mozilla Browser.