[Sync] Managed account > change password: don't ask double password before change the old password

RESOLVED DUPLICATE of bug 995993

Status

Cloud Services
Server: Firefox Accounts
RESOLVED DUPLICATE of bug 995993
3 years ago
3 years ago

People

(Reporter: Sandro kensan, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20150401154227

Steps to reproduce:

1) have a firefox sync account working
2) preferences > Sync > Manage Account > Change password...
3) enter the same password but short: 
example: old password: password123
4) enter password1
5) press return


Actual results:

The password new password is accepted


Expected results:

The new password could be not accepted, only two identical password must to be accepted.

If you reenter "password1" the program show you "the password must not to be identical to the old password.

Sync on Firefox 31.6.0
Component: Untriaged → Firefox Sync: Crypto
Product: Firefox → Mozilla Services
Version: 31 Branch → unspecified

Updated

3 years ago
Component: Firefox Sync: Crypto → Server: Firefox Accounts
:sandro - thanks for the bug report. Could you further explain the problem? Do you see this with "change password", or "reset password?"

My test cases, using the original password "password123".

Test1 - change password - old & new password are "password123"
Result: Error - "Your new password must be different"

Test2 - change password - old password "password123", new password "password1"
Result: Success - "Password changed successfully"

Test3 - change password - old password "password1", new password "password1"
Result: Error - "Incorrect password"

Test4 - change password - old password "password1", new password "password123"
Result: Error - "Incorrect password"

Test5 - reset password - password "password123", verify password "password123"
Result: Success - "Account verified successfully"

Test6 - reset password - password "password123", verify password "password1"
Result: Error - "Passwords do not match"

Those are all as expected.
Flags: needinfo?(kensan)
(Reporter)

Comment 2

3 years ago
Hello Shane, tanks for your attention.

This is what I have surprise me:

password is: password123
enter new password: password1
http://www.kensan.it/tmp/change_pwd_1.png
press: Return
(expected: password don't match)
(result: like in picture 2)
http://www.kensan.it/tmp/change_pwd_2.png
Windows change pwd disappear.
Reopen change password...
reenter new password: password1
(expected: pwd can't match current password)
(result like expected, see pic 3)
http://www.kensan.it/tmp/change_pwd_3.png
Windows change your password disappear, reopen change pwd,
reenter old password: password123
confirm pwd: password123
(expected button change password is not shadow)
(result like expected, see pic 4)
http://www.kensan.it/tmp/change_pwd_4.png
change successful.

***

So I have change my old password without enter two times my new password. It is not like I'm expected.
Flags: needinfo?(kensan)
Thanks for the quick response Sandro. The decision to use only two password fields instead of three has been brought up by several folks. 

The important discussion takes place in https://github.com/mozilla/fxa-content-server/issues/1150 and https://bugzilla.mozilla.org/show_bug.cgi?id=995993.

The summary version is - a single password field, although not common, is intended. The "show/hide" button is meant to help users verify their password is correct before hitting submit.

I realize this explanation does little to address your concern. We have had several people give us similar feedback. Ryan Feeley (our UX designer) and I are planning to test several variants of the passwords UX over the next couple of months. We want to ensure our users have the best possible experience.

I'm closing this as a dup of #995993. 

That bug was closed as WONTFIX because the single password field is intended.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 995993
(Reporter)

Comment 4

3 years ago
(In reply to Shane Tomlinson [:stomlinson] from comment #3)
> Thanks for the quick response Sandro.
Tanks to you.

> The decision to use only two password
> fields instead of three has been brought up by several folks.
I understand. There is only one field for the pwd, the second field is optional.

> The summary version is - a single password field, although not common, is
> intended. The "show/hide" button is meant to help users verify their
> password is correct before hitting submit.

It is not common to have only one field and to show the second field that make confusion. I have pressed the return key accidentally, so I have change my old pwd with a unknown new pwd. I add that the new pwd is not show like you can see in pic 2
http://www.kensan.it/tmp/change_pwd_2.png
So if you press Return key accidentally you might to recreate a new account or to travel into the Internet to ask the procedure to retrieve the password or to change the password with a known pwd. 

> I realize this explanation does little to address your concern. We have had
> several people give us similar feedback. Ryan Feeley (our UX designer) and I
> are planning to test several variants of the passwords UX over the next
> couple of months. We want to ensure our users have the best possible
> experience.

Very good, this is my suggestion:
Don't permit to change the pwd when user press the return key when only one pwd field is filled.

Kind regards and tanks for the time spent to answer me.
You need to log in before you can comment on or make changes to this bug.