Add an Allow/Disallow autofill password option

RESOLVED FIXED in Firefox 67

Status

P2
normal
RESOLVED FIXED
4 years ago
2 months ago

People

(Reporter: tanvi, Assigned: prathiksha)

Tracking

(Blocks: 2 bugs, {feature})

unspecified
mozilla67
feature

Firefox Tracking Flags

(firefox67 fixed)

Details

(Whiteboard: [security:passwords])

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
As described in bug https://bugzilla.mozilla.org/show_bug.cgi?id=1118511, autofilling passwords is a security issue.  I'm not sure we are going to come to a resolution on bug 1118511 soon, so in the meantime it would be great to give the user an option to opt-in/opt-out of autofilled passwords.  Ryan has proposed the following UX to add a checkbox for autofilling:
https://www.lucidchart.com/publicSegments/view/555b6d79-8c58-4c53-9bd9-1a560a004433/image.png

We can start with it being checked by default and then explore other default options. (ex: Checked by default for HTTPS sites, unchecked by default for HTTP sites. Or unchecked by default.)

Filing this bug to track the work to add the checkbox.
Whiteboard: [security:passwords]

Updated

5 months ago
Summary: Allow/Disallow autofill check box → Add an Allow/Disallow autofill password option

The question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?

Flags: needinfo?(MattN+bmo)

(In reply to Ryan Feeley [:rfeeley] from comment #2)

> The question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?

Maybe… I was thinking as a first step that this new option would be indented under the existing one so we wouldn't need that for now. If we wanted to allow controlling autofill for an individual login I think that would make sense to be shown in the login list, not in a separate exceptions dialog IMO.

I also think we need to keep exceptions for remembering since users get annoyed when they are asked to save logins that they don't want to save (e.g. ones they find more sensitive like banking ones).

Flags: needinfo?(MattN+bmo)

I now notice that a nested checkbox won't work nicely here since we have two buttons on the right side already:

[x] Ask to save logins and passwords for websites [Exceptions…  ]
                                                  [Saved Logins…]

Maybe putting the checkbox at the bottom center of the list subdialog makes more sense?

This gives users distinct control over whether or not passwords are autofilled without surfacing it too highly. Makes sense?

(Assignee)

Updated

2 months ago
Assignee: nobody → prathikshaprasadsuman
Status: NEW → ASSIGNED
(Assignee)

Comment 6

2 months ago

Add an Allow/Disallow autofill password option

This should wait to land until after the soft code freeze. It ends on Monday.

Comment 8

2 months ago
Pushed by prathikshaprasadsuman@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/684dcc4149ad
Add an Allow/Disallow autofill password option. r=MattN

Comment 9

2 months ago
bugherder
Status: ASSIGNED → RESOLVED
Last Resolved: 2 months ago
status-firefox67: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Keywords: feature